Robert Roll wrote: > The below is out of the .../share/doc/freeradius/rlm_ldap > > Note that it shows the Ldap_Group variable being set in the users file, but > I'm assuming it should not really matter where it gets set ? > > DEFAULT Ldap-Group == "cn=disabled,dc=company,dc=com"
No. See the "man users" page. The above example *compares* the LDAP-Group. > Note, I do not want to test for Ldap_Group, I want to be able to actually > set it so it is used within the ldap module ? You can't set it. It's intended to *check* if a user is a member of a particular LDAP group. Why would you want to set it? You don't have write access to LDAP, to set the group for a user? If you need a temporary place to store a value, don't use LDAP-Group. Use a locally-defined attribute. See raddb/dictionary for documentation. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html