Add notes on %ldap.group() xlat

author Nick Porter <nick@portercomputing.co.uk>

Thu, 14 Nov 2024 11:53:02 +0000 (11:53 +0000)

committer Nick Porter <nick@portercomputing.co.uk>

Thu, 14 Nov 2024 11:53:02 +0000 (11:53 +0000)
author Nick Porter <nick@portercomputing.co.uk>
Thu, 14 Nov 2024 11:53:02 +0000 (11:53 +0000)
committer Nick Porter <nick@portercomputing.co.uk>
Thu, 14 Nov 2024 11:53:02 +0000 (11:53 +0000)
diff --git a/raddb/mods-available/ldap b/raddb/mods-available/ldap

index 58c779f4bd570ae50c574369262cb27be36caab3..c35917009f1fe59041b362f9948e652d7fd3883b 100644 (file)
--- a/raddb/mods-available/ldap
+++ b/raddb/mods-available/ldap
@@ -970,3 +970,24 @@ ldap {
  #  "The LDAP url is ldap:///ou=profiles,dc=example,dc=com??sub?(objectClass=radiusprofile)"
  #  ```
  #
+#  ### %ldap.group(...)
+#
+#  Check whether the current user is a member of a the given group.  If the attribute
+#  `control.LDAP-UserDN` exists, that will be used as the "user" object.  If it does
+#  not then the user is first looked up using the filter form the `user { }` section
+#  of the module configuration.
+#
+#  Groups can be specified either as a name or a DN, with a lookup used if necessary
+#  to convert to the required format.
+#
+#  .Return: _bool_
+#
+#  .Example
+#
+#  [source,unlang]
+#  ---
+#  if (%ldap.group('cn=group1,ou=Groups,dc=example,dc=org')) {
+#    ...
+#  }
+#  ---
+#
author	Nick Porter <nick@portercomputing.co.uk>
	Thu, 14 Nov 2024 11:53:02 +0000 (11:53 +0000)
committer	Nick Porter <nick@portercomputing.co.uk>
	Thu, 14 Nov 2024 11:53:02 +0000 (11:53 +0000)