Freeradius + LDAP 389 DS

0 votes
/ March 15, 2019

I am using a freeradius server to return the group name; the LDAP server is 389 DS:

In /etc/raddb/mods-enabled/ldap:

ldap {
         server = 'freeipa.dc=server,dc=example,dc=com'
#       port = 389
#       identity = 'cn=admin,dc=server,dc=example,dc=com'
#       password = mypass
         base_dn = 'cn=users,cn=accounts,dc=server,dc=example,dc=com'
         ...
}

group {
          base_dn = 'cn=groups,cn=accounts,dc=server,dc=example,dc=com'
          dc=example,dc=com
          name_attribute = cn
          membership_filter = "(|(member=%{control:Ldap-UserDn})(memberUid=%{%{Stripped-User-Name}:-%{User-Name}}))"
          membership_attribute = memberOf
          ...
}

Debug output:

rlm_ldap (ldap): Reserved connection (2)
(0)     Using user DN from request "uid=ttest2,cn=users,cn=accounts,dc=server,dc=example,dc=com"
(0)     Checking for user in group objects
(0)       EXPAND (&(cn=ipausers)(objectClass=ipausergroup)(|(member=%{control:Ldap-UserDn})(memberUid=%{%{Stripped-User-Name}:-%{User-Name}})))
(0)          --> (&(cn=ipausers)(objectClass=ipausergroup)(|(member=uid\3dttest2\2ccn\3dusers\2ccn\3daccounts\2cdc\3dserver\2cdc\3dexample\2cdc\3dcom)(memberUid=ttest2)))
(0)       Performing search in "cn=ipausers,cn=groups,cn=accounts,dc=server,dc=example,dc=com" with filter "(&(cn=ipausers)(objectClass=ipausergroup)(|(member=uid\3dttest2\2ccn\3dusers\2ccn\3daccounts\2cdc\3dserver\2cdc\3dexample\2cdc\3dcom)(memberUid=ttest2)))", scope "sub"
(0)       Waiting for search result...
(0)       Search returned no results
(0)     Checking user object's memberOf attributes
(0)       Performing unfiltered search in "uid=ttest2,cn=users,cn=accounts,dc=server,dc=example,dc=com", scope "base"
(0)       Waiting for search result...
(0)     No group membership attribute(s) found in user object

But the filter returns no results: "(0) Search returned no results"!! Am I missing something?

Thanks

...
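
Added example, not part of the original post: a Python check over three lines taken from the debug output above. It decodes the RFC 4515 \XX escapes in the expanded filter (\3d is "=", \2c is ",") and compares the resulting member value with the user DN the module resolved, which shows whether the escaping changed the DN being searched for. The function names are hypothetical.

```python
import re

# Constructed sample: three lines copied from the debug output in the post.
DEBUG_LOG = r'''
(0)     Using user DN from request "uid=ttest2,cn=users,cn=accounts,dc=server,dc=example,dc=com"
(0)          --> (&(cn=ipausers)(objectClass=ipausergroup)(|(member=uid\3dttest2\2ccn\3dusers\2ccn\3daccounts\2cdc\3dserver\2cdc\3dexample\2cdc\3dcom)(memberUid=ttest2)))
(0)       Search returned no results
'''

HEX_ESCAPE = re.compile(r'\\([0-9a-fA-F]{2})')
# A simple (attr=value) item; literal parentheses inside a value must be
# escaped as \28 and \29, so the value itself never contains "(" or ")".
ASSERTION = re.compile(r'\(([A-Za-z][\w;.-]*)=([^()]*)\)')

def unescape_filter_value(value):
    """Decode RFC 4515 backslash-hex escapes in a filter assertion value."""
    out = bytearray()
    i = 0
    while i < len(value):
        m = HEX_ESCAPE.match(value, i)
        if m:
            out.append(int(m.group(1), 16))  # escaped octet
            i = m.end()
        else:
            out += value[i].encode("utf-8")  # literal character
            i += 1
    return out.decode("utf-8")

def filter_assertions(filter_text):
    """Return (attribute, decoded value) for every simple item in the filter."""
    return [(a, unescape_filter_value(v)) for a, v in ASSERTION.findall(filter_text)]

def check_log(log):
    """Compare the decoded member value with the DN resolved for the user."""
    user_dn = re.search(r'Using user DN from request "([^"]+)"', log).group(1)
    expanded = re.search(r'-->\s*(\(.*\))\s*$', log, re.M).group(1)
    members = [v for a, v in filter_assertions(expanded) if a.lower() == "member"]
    return {
        "user_dn": user_dn,
        "member_values": members,
        "member_matches_user_dn": members == [user_dn],
        "search_returned_nothing": "Search returned no results" in log,
    }

if __name__ == "__main__":
    for key, value in check_log(DEBUG_LOG).items():
        print(f"{key}: {value}")
```

On these lines the decoded member value is identical to the user DN, so the directory server was asked about the same DN that the module resolved.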