>>> I've checked the sources - rlm_ldap NEVER sets Ldap-Group attribute. It is >>> used for comparison only :( >>> >>> >>> Only option seems to be testing for Ldap-Group != "". >>> >>> Ivan Kalik >> >>It will not work. Quote from rlm_ldap.c: >>static int ldap_groupcmp(void *instance, REQUEST *req, >> UNUSED VALUE_PAIR *request, VALUE_PAIR *check, >>... >> if (check->vp_strvalue == NULL || check->length == 0){ >> DEBUG("rlm_ldap::ldap_groupcmp: Illegal group name"); >> return 1; >> } >> >>It seems to me, that writing some patch is the only solution for my problem :) > >I have a feeling that the same (you can check the value but not use it as >an attribute) applies to SQL-Group. I will check that one. >
Yes, SQL-Group is the same. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html