I have an ldap module that I want to force to do group checking.
Reading the documentation, it seems that there should be an attribute (I'm assuming control?) that should force that check? i.e. instance-name-Ldap-Group ..

I notice that the ldap module seems to have group checking disabled by default. I thought that uncommenting the group config below should enable it?

        #
        #  Group membership checking.  Disabled by default.
        #
        groupname_attribute = cn
        groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))"
        groupmembership_attribute = radiusGroupName




Below is what I have in my authorization section. I 

         update control {
            ldapADut-Ldap-Group := "cn=chemVLAN,OU=Groups,OU=UofURadius,dc=ad,dc=utah,dc=edu"
         }

         ldapADut { 
           notfound = reject 
         }


Looking at the debug, it seems that there is no attempt to actually do any group checking?

What am I doing wrong?

Thanks,

Robert


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html