On 05/21/2010 10:44 AM, John Maher wrote:
> I didn't notice what you pointed out, but it's telling. Actually, the > thing I noticed and am confused by is that the filter I have in > /etc/freeradius/modules/ldap (is that simply the configuration file for > rlm_ldap?) is this: > > groupmembership_filter = > "(&(objectClass=posixGroup)(memberUid=%{Stripped-User-Name:-%{User-Name}}))" > > So why is the filter in the output this: > > (|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn}))) I just figured this part out. The radiusd.conf file has an Include /etc/freeradius/modules statement, and there was a file in the modules directory called ldap.dpkg-old in that directory that was overiding the ldap config file. That doesn't mean everything works, but at least that mystery is solved. John - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html