Fetching memberOf attribute
Alan DeKok
aland at deployingradius.com
Wed May 14 18:39:13 UTC 2025
On May 14, 2025, at 11:18 AM, Matvey Teplov via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> I cannot get the ldap module to fetch a memberOf attribute from AD - it is not putting it as a filter parameter in the LDAP search packet. I need this list later to search through for port-authentication phase through the groups in session-state:LDAP-Group[*]'s to identify which ones are present and return a proper VSA. The LDAP configuration is as follows:
Or, you can read the documentation which tells how to post to the list
http://wiki.freeradius.org/list-help
When you join the list, you get a message containing that URL, and a strongly worded comment saying you should read it.
> If I run manually ldap_search, then membership shows. Wireshark confirms that there is no attribute request in the ldap search packet present.
If only there was some kind of "server debugging output" which tells you what the server is doing.
> Any help will be greatly appreciated!
We did help. We wrote tons of documentation which tells you what to do. Please read it.
Alan DeKok.
More information about the Freeradius-Users
mailing list