> >Try looking at the groupmembership_filter option - work out a >search that works on the command line (with a filter), and then >fit that filter into the ldap config. > >It should probably something like (untested) > >groupname_attribute = cn >groupmembership_filter = "(&(objectClass=group)(member=%{Ldap-UserDn}))" >groupmembership_attribute = memberOf > >Run in debug, look at what it's actually searching, match to the >config file, tweak, rinse & repeat. > >Matthew
Thank you! This was the pointer I needed to get this working. I'm sure I'll have lots more questions about other aspects soon. -Scott - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html