On 01/24/2012 08:48 AM, Arran Cudbard-Bell wrote:
[snip]
IIRC the LDAP Module is actually smart enough to figure out whether you passed in a DN as
a group or just a groupname, so in theory if you have the filters and search depth set
correctly you can just use Ldap-Group == "mygroup".
-Arran
[snip]
Indeed the LDAP module is smart enough however from a optimisation point
of view I prefer to enter the full DN of the group. This way only one
query is performed on the LDAP tree. Otherwise it will do more queries
to find what it needs.
Rg,
Arnaud
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
