Richard Hesse wrote:
Nevermind I found the problem. There's a limitation in
ldap_groupcmp() such that only the last LDAP module instantiated is
actually checked -- ignoring whatever you specify. I found this info
from
http://lists.cistron.nl/pipermail/freeradius-users/2004-June/033220.html.
T
Richard Hesse wrote:
>
> Yes, that's what I ended up doing. However, I lose the ability
> to do load-balance and redunancy constructs.
Why?
> rlm_ldap indicates
> that I can list multiple LDAP servers for the host in
> radius.conf. How exactly does that work compared to redundancy
> or load-bal
> In any case, if you carefully read the text you quoted, you'll see a
> solution that doesn't require patches: List ALL ldap modules in the
>"instantiate" section, and list "ldap_enable" last.
> Alan DeKok.
Yes, that's what I ended up doing. However, I lose the ability to do
load-balance and r
Richard Hesse wrote:
> Rather disappointing that this limitation still exists from 2 years ago.
As always, patches are welcome.
> Does FR2.0 have some sort of object-based virtualization that would support
> this?
> Like, a "LDAP group" object which you could tie LDAP instances to and make
>
would support this?
Like, a "LDAP group" object which you could tie LDAP instances to and make the
check there?
-richard
- Original Message
From: Richard Hesse <[EMAIL PROTECTED]>
To: freeradius-users@lists.freeradius.org
Sent: Tuesday, January 30, 2007 12:40:36 PM
I'm trying to setup radius authentication for enable access on our networking
gear and having a tough time getting a working config. I'd like to have FR
check a group in LDAP for membership before authorizing. That is, I only want
user's listed in the "uniquemember" attribute of the Operations g
6 matches
Mail list logo