>> I've checked the sources - rlm_ldap NEVER sets Ldap-Group attribute. It is >> used for comparison only :( >> >> >> Only option seems to be testing for Ldap-Group != "". >> >> Ivan Kalik > >It will not work. Quote from rlm_ldap.c: >static int ldap_groupcmp(void *instance, REQUEST *req, > UNUSED VALUE_PAIR *request, VALUE_PAIR *check, >... > if (check->vp_strvalue == NULL || check->length == 0){ > DEBUG("rlm_ldap::ldap_groupcmp: Illegal group name"); > return 1; > } > >It seems to me, that writing some patch is the only solution for my problem :)
I have a feeling that the same (you can check the value but not use it as an attribute) applies to SQL-Group. I will check that one. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html