[802.1X] FreeRADIUS OpenLDAP


Users mailing list
Hello everyone,

I'm using an LDAP directory to store my user accounts and groups. For each
group I created a radiusObjectProfile to store the required attributes to
assign a VLAN to the user.
A user can't be in more than 1 group. My profiles are stored in
*cn=group1,ou=profiles,ou=radius,dc=company,dc=com*, each profile's *common
name* matches the corresponding group name.

How can I configure my LDAP module to get the right profile depending on
the user's group?

I tried it this way:



    profile {
        filter = '(objectclass=radiusprofile)'
        default = "cn=%{LDAP-Group},ou=profiles,ou=radius,${..base_dn}"
    }

But it does not work...
Here is FreeRADIUS's output:
    (0) ldap: EXPAND cn=%{LDAP-Group},ou=profiles,ou=radius,dc=company,dc=com
    (0) ldap:    --> cn=,ou=profiles,ou=radius,dc=jdl-network,dc=local
    (0) ldap: Performing search in "cn=,ou=profiles,ou=radius,dc=company,dc=com" with filter "(objectclass=radiusprofile)", scope "base"
    (0) ldap: Waiting for search result...
    (0) ldap: ERROR: Failed performing search: Invalid DN syntax
    (0) ldap: ERROR: Server said: invalid DN.

Obviously, using *%{LDAP-Group}* won't work if the variable has no value.

Do you have any idea how I can get the user's group?
Is there a way to extract the group name from the dn (
*uid=cvdz,cn=group1,ou=users,ou=radius,dc=company,dc=com*)?

Thank you very much for your help.
Kind regards

--
Christian VAN DER ZWAARD
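
Added example, not part of the original post and not FreeRADIUS code: a Python sketch of the DN handling asked about above, which takes the cn= RDN directly above the uid= entry and builds the profile DN, refusing to emit the empty "cn=," seen in the debug output. The function names and PROFILE_BASE are assumptions based on the layout described in the post; multi-valued RDNs ("+") are not handled.

```python
# Added example: helper names are illustrative, not FreeRADIUS APIs.
PROFILE_BASE = "ou=profiles,ou=radius,dc=company,dc=com"  # layout from the post


def split_rdns(dn):
    """Split a DN into RDNs on unescaped commas (RFC 4514 backslash escapes)."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(cur).lstrip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur).lstrip())
    return rdns


def group_from_user_dn(user_dn):
    """Return the value of the cn= RDN directly above uid=, or None."""
    rdns = split_rdns(user_dn)
    if len(rdns) < 2 or not rdns[0].lower().startswith("uid="):
        return None
    attr, _, value = rdns[1].partition("=")
    if attr.strip().lower() != "cn" or not value:
        return None
    return value  # still escaped exactly as it was in the source DN


def profile_dn(user_dn):
    """Build the profile DN; raise rather than search for 'cn=,...'."""
    group = group_from_user_dn(user_dn)
    if group is None:
        raise ValueError("no group RDN in %r" % user_dn)
    # The value keeps its original escaping, so a comma inside a group
    # name cannot break out into a second RDN when re-embedded here.
    return "cn=%s,%s" % (group, PROFILE_BASE)
```
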