Discussion:
Evaluate condition against LDAP with ulang
Tom Yard
2018-10-26 19:10:08 UTC
Permalink
Hi people,

I have implemented a Freeradius sever running OK that authenticate against
LDAP.

Firstly, I have a LDAP tree with users under groups, such as:

CN=Network,OU=Employess,DC=company,DC=com

and my evaluating condition wit ulang was:

if (LDAP-Group == Network)

And the authentication was OK.

But now, the LDAP administrators has modify the LDAP tree and now the users
are under the OU as below:

OU=Employess,DC=company,DC=com

How can I evaluate the condition "if the user is under OU=Employees" ???

Because if I use if (LDAP-Group == Employees), it doesn't authneticate.

Thanks a lot, regards !!!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/u
Dave Macias
2018-10-26 19:37:20 UTC
Permalink
You could look into your ldap module and edit your base/users

Tried that?
Post by Tom Yard
Hi people,
I have implemented a Freeradius sever running OK that authenticate against
LDAP.
CN=Network,OU=Employess,DC=company,DC=com
if (LDAP-Group == Network)
And the authentication was OK.
But now, the LDAP administrators has modify the LDAP tree and now the users
OU=Employess,DC=company,DC=com
How can I evaluate the condition "if the user is under OU=Employees" ???
Because if I use if (LDAP-Group == Employees), it doesn't authneticate.
Thanks a lot, regards !!!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscr
Alejandro Cabrera Obed
2018-10-29 12:41:11 UTC
Permalink
Dear Dave, yes....I have tried this:

OU=Employess,DC=company,DC=com

But what is the condition to ask for users below an OU and not a Group ???

Thans again, regards.
Post by Dave Macias
You could look into your ldap module and edit your base/users
Tried that?
Post by Tom Yard
Hi people,
I have implemented a Freeradius sever running OK that authenticate
against
Post by Tom Yard
LDAP.
CN=Network,OU=Employess,DC=company,DC=com
if (LDAP-Group == Network)
And the authentication was OK.
But now, the LDAP administrators has modify the LDAP tree and now the
users
Post by Tom Yard
OU=Employess,DC=company,DC=com
How can I evaluate the condition "if the user is under OU=Employees" ???
Because if I use if (LDAP-Group == Employees), it doesn't authneticate.
Thanks a lot, regards !!!
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
// Alejandro //
-
List info/subscribe/unsubscribe? See http://www.freera
Dave Macias
2018-10-31 13:31:10 UTC
Permalink
That is an interesting question. I personally was not sure but as it would
have it someone asked a similar question.

http://lists.freeradius.org/pipermail/freeradius-users/2018-October/093168.html

Hope that helps
Post by Tom Yard
OU=Employess,DC=company,DC=com
But what is the condition to ask for users below an OU and not a Group ???
Thans again, regards.
Post by Dave Macias
You could look into your ldap module and edit your base/users
Tried that?
Post by Tom Yard
Hi people,
I have implemented a Freeradius sever running OK that authenticate
against
Post by Tom Yard
LDAP.
CN=Network,OU=Employess,DC=company,DC=com
if (LDAP-Group == Network)
And the authentication was OK.
But now, the LDAP administrators has modify the LDAP tree and now the
users
Post by Tom Yard
OU=Employess,DC=company,DC=com
How can I evaluate the condition "if the user is under OU=Employees"
???
Post by Dave Macias
Post by Tom Yard
Because if I use if (LDAP-Group == Employees), it doesn't authneticate.
Thanks a lot, regards !!!
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
// Alejandro //
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsub

Loading...