Hi,
I'm trying to check if a user is in a given group name in LDAP, but it doesn't
work. Here is the configuration:
- vi /etc/raddb/mods-enabled/ldap
ldap {
    ...
    base_dn = 'cn=users,cn=accounts,dc=server,dc=example,dc=com'
    ...
}
group {
    base_dn = "${..base_dn}"
    filter = '(objectClass=posixGroup)'
    scope = 'sub'
    name_attribute = cn
    membership_filter = "(|(member=%{control:Ldap-UserDn})(memberUid=%{%{Stripped-User-Name}:-%{User-Name}}))"
    membership_attribute = memberOf
    cacheable_name = 'yes'
    cacheable_dn = 'yes'
    # cache_attribute = 'LDAP-Cached-Membership'
The result:
rlm_ldap (ldap): Reserved connection (2)
(0) Using user DN from request "uid=ttest2,cn=users,cn=accounts,dc=server,dc=example,dc=com"
(0) Checking for user in group objects
(0) EXPAND (&(cn=ipausers)(objectClass=posixGroup)(|(member=%{control:Ldap-UserDn})(memberUid=%{%{Stripped-User-Name}:-%{User-Name}})))
(0) --> (&(cn=ipausers)(objectClass=posixGroup)(|(member=uid\3dttest2\2ccn\3dusers\2ccn\3daccounts\2cdc\3dserver\2cdc\3dexample\2cdc\3com)(memberUid=ttest2)))
(0) Performing search in "cn=users,cn=accounts,dc=server,dc=example,dc=com" with filter "(&(cn=ipausers)(objectClass=posixGroup)(|(member=uid\3dttest2\2ccn\3dusers\2ccn\3daccounts\2cdc\3dserver\2cdc\3dexample\2cdc\3dcom)(memberUid=ttest2)))", scope "sub"
(0) Waiting for search result...
(0) Search returned no results
(0) Checking user object's memberOf attributes
(0) Performing unfiltered search in "uid=ttest2,cn=users,cn=accounts,dc=server,dc=example,dc=com", scope "base"
(0) Waiting for search result...
(0) No group membership attribute(s) found in user object
What am I missing?
Thanks,
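
Added example, not part of the original post: a Python check that decodes the `\XX` escapes in the filter from the "Performing search" line per RFC 4515 and confirms the `member=` value is the user DN from the request, then rebuilds the same filter with every inserted value escaped. The function names are hypothetical, and escaping `,` and `=` in addition to the RFC 4515 metacharacters is an assumption inferred from the log.

```python
import re

# Values copied from the debug output in the post above.
USER_DN = "uid=ttest2,cn=users,cn=accounts,dc=server,dc=example,dc=com"
LOGGED_FILTER = (
    r"(&(cn=ipausers)(objectClass=posixGroup)"
    r"(|(member=uid\3dttest2\2ccn\3dusers\2ccn\3daccounts\2cdc\3dserver"
    r"\2cdc\3dexample\2cdc\3dcom)(memberUid=ttest2)))"
)

def escape_value(value: str, extra: str = ",=") -> str:
    """Hex-escape the RFC 4515 metacharacters plus `extra` (assumed from the log)."""
    special = set("*()\\\0") | set(extra)
    return "".join(f"\\{ord(c):02x}" if c in special else c for c in value)

def unescape_value(value: str) -> str:
    """Decode RFC 4515 \\XX escapes; reject a backslash without two hex digits."""
    raw = value.encode("utf-8")
    if re.search(rb"\\(?![0-9a-fA-F]{2})", raw):
        raise ValueError("malformed escape in assertion value")
    out = re.sub(rb"\\([0-9a-fA-F]{2})", lambda m: bytes([int(m.group(1), 16)]), raw)
    return out.decode("utf-8")

def assertions(filter_str: str) -> list[tuple[str, str]]:
    """Return (attribute, decoded value) for every equality item in a filter."""
    items = re.findall(r"\(([A-Za-z][A-Za-z0-9;-]*)=([^()]*)\)", filter_str)
    return [(attr, unescape_value(val)) for attr, val in items]

def membership_filter(group: str, user_dn: str, uid: str) -> str:
    """Rebuild the expanded group filter with every inserted value escaped."""
    return (f"(&(cn={escape_value(group)})(objectClass=posixGroup)"
            f"(|(member={escape_value(user_dn)})(memberUid={escape_value(uid)})))")

if __name__ == "__main__":
    for attr, value in assertions(LOGGED_FILTER):
        print(f"{attr:12} {value}")
    print(membership_filter("ipausers", USER_DN, "ttest2") == LOGGED_FILTER)
```

Because each inserted value is escaped before it reaches the filter, characters such as `*`, `(` and `)` in a user name are matched literally instead of changing the filter's structure.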