You need to specify where to look for the group membership. Comments below.
On Thu, 22 Jan 2004, Daniel wrote:

> Sorry should have included it in the first place.
>
> Here it is:
>
> ldap {
> server = "127.0.0.1"
> identity = "cn=Manager,dc=test,dc=net,dc=au"
> password = XXXX
> basedn = "dc=test,dc=net,dc=au"
> filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
>
> start_tls = no
>
> dictionary_mapping = ${raddbdir}/ldap.attrmap
> ldap_connections_number = 5
> # password_header = "{clear}"
> # password_attribute = userPassword
> groupname_attribute = cu
> groupmembership_filter =
> "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"

You need to change above to tell freeradius where to look for the groups and what attribute stores the group members. Check doc/rlm_ldap, it explains it. Look for groupname_attribute and groupmembership_filter.

> #groupmembership_attribute =
> timeout = 4
> timelimit = 3
> net_timeout = 1
> #compare_check_items = yes
> #access_attr_used_for_allow = yes
> }
>
> User entry:
>
> # testtest, People, test.net.au
> dn: uid=testtest,ou=People,dc=test,dc=net,dc=au
> objectClass: posixAccount
> objectClass: shadowAccount
> uid: testtest
> homeDirectory: /home/testtest
> cn: testtest account
> gidNumber: 1002
> loginShell: /bin/sh
> uidNumber: 502
> userPassword:: XXXX
>
> Group entry:
>
> # disabled, Group, test.net.au
> dn: cn=disabled,ou=Group,dc=test,dc=net,dc=au
> cn: disabled
> gidNumber: 1002
> userPassword:
> objectClass: posixGroup
> memberUid: testtest
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
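An offline check of the point made in the reply, added here as an example (not code from the thread or from FreeRADIUS): it evaluates the posted groupmembership_filter against the posted group entry, which is a posixGroup listing members by memberUid. The `POSIX` filter, the `%{User-Name}` placeholder in it, and all function names are assumptions for illustration; the evaluator handles only the `&`, `|`, `!` and equality subset of LDAP filters.

```python
import re

# Constructed from the entries quoted in the post above.
USER_DN = "uid=testtest,ou=People,dc=test,dc=net,dc=au"
GROUP_ENTRY = {"cn": ["disabled"], "objectClass": ["posixGroup"],
               "memberUid": ["testtest"]}
# Filter from the posted config, and an assumed alternative for posixGroup.
POSTED = ("(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))"
          "(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))")
POSIX = "(&(objectClass=posixGroup)(memberUid=%{User-Name}))"

def expand(template, values):
    """Substitute simple %{Name} placeholders (no ':-' defaults)."""
    return re.sub(r"%\{([^}]+)\}", lambda m: values[m.group(1)], template)

def parse(f, i=0):
    """Parse one filter starting at f[i]; return (node, index after it)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":
        op, kids = f[i], []
        i += 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")" or not kids:
            raise ValueError(f"malformed filter list at offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, _, value = f[i:end].partition("=")  # DN values keep their own '='
    return ("=", attr, value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry. Simplification: values
    are compared case-insensitively; real matching rules depend on schema."""
    if node[0] == "=":
        _, attr, value = node
        have = next((v for k, v in entry.items() if k.lower() == attr.lower()), [])
        return any(v.lower() == value.lower() for v in have)
    results = [matches(kid, entry) for kid in node[1]]
    if node[0] == "&":
        return all(results)
    return any(results) if node[0] == "|" else not results[0]

def group_matches(template, entry, values):
    """True if the expanded membership filter selects this group entry."""
    text = expand(template, values)
    node, end = parse(text)
    if end != len(text):
        raise ValueError("trailing characters after filter")
    return matches(node, entry)
```

With the posted filter the `disabled` group is never selected for `testtest`, so any group check that depends on it silently evaluates as "not a member".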