>>> I've checked the sources - rlm_ldap NEVER sets Ldap-Group attribute. It is
>>> used for comparison only :(
>>>
>>>
>>> Only option seems to be testing for Ldap-Group != "".
>>>
>>> Ivan Kalik
>>
>>It will not work. Quote from rlm_ldap.c:
>>static int ldap_groupcmp(void *instance, REQUEST *req,
>> UNUSED VALUE_PAIR *request, VALUE_PAIR *check,
>>...
>> if (check->vp_strvalue == NULL || check->length == 0){
>> DEBUG("rlm_ldap::ldap_groupcmp: Illegal group name");
>> return 1;
>> }
>>
>>It seems to me, that writing some patch is the only solution for my problem :)
>
>I have a feeling that the same (you can check the value but not use it as
>an attribute) applies to SQL-Group. I will check that one.
>
Yes, SQL-Group is the same.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
