>> I've checked the sources - rlm_ldap NEVER sets Ldap-Group attribute. It is
>> used for comparison only :(
>>
>>
>> Only option seems to be testing for Ldap-Group != "".
>>
>> Ivan Kalik
>
>It will not work. Quote from rlm_ldap.c:
>static int ldap_groupcmp(void *instance, REQUEST *req,
> UNUSED VALUE_PAIR *request, VALUE_PAIR *check,
>...
> if (check->vp_strvalue == NULL || check->length == 0){
> DEBUG("rlm_ldap::ldap_groupcmp: Illegal group name");
> return 1;
> }
>
>It seems to me, that writing some patch is the only solution for my problem :)
I have a feeling that the same (you can check the value but not use it as
an attribute) applies to SQL-Group. I will check that one.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
