--- /dev/null
+#
+# Run the "ldap" module
+#
+ldap
+
+#
+# Resolve using group name attribute
+#
+if (LDAP-Group == 'foo') {
+ test_pass
+}
+else {
+ test_fail
+}
+
+#
+# Resolve using group DN
+#
+if (LDAP-Group == 'cn=foo,ou=groups,dc=example,dc=com') {
+ test_pass
+}
+else {
+ test_fail
+}
+
+#
+# Check we have these values cached
+#
+if (&LDAP-Cached-Membership[*] == 'foo') {
+ test_pass
+}
+else {
+ test_fail
+}
+
+if (&LDAP-Cached-Membership[*] == 'cn=foo,ou=groups,dc=example,dc=com') {
+ test_pass
+}
+else {
+ test_fail
+}
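Review bot: Every comparison in this new test is a positive match, so a group check that wrongly evaluates true for any value would still pass all four blocks. A negative case after the DN check would pin that down, for example `if (LDAP-Group == 'cn=not-a-member,ou=groups,dc=example,dc=com') { test_fail }` (the group name is a constructed sample; use one the test directory does not assign to this user). The `&LDAP-Cached-Membership[*]` checks have the same gap, because no value that should be absent from the cache is ever tested. The `Resolve using ...` comments could also say whether these comparisons are expected to reach the directory or be answered from the cache, since the module configuration changed in this commit enables both cacheable options.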
#
user {
# Where to start searching in the tree for users
- base_dn = 'ou=people,dc=example,dc=com'
- #base_dn = 'ou=people,${..base_dn}'
+ base_dn = "ou=people,${..base_dn}"
# Filter for user objects, should be specific enough
# to identify a single user object.
#
group {
# Where to start searching in the tree for groups
- base_dn = 'ou=groups,dc=example,dc=com'
+ base_dn = "ou=groups,${..base_dn}"
# Filter for group objects, should match all available
# group objects a user might be a member of.
filter = '(objectClass=groupOfNames)'
# Search scope, may be 'base', 'one', sub' or 'children'
-# scope = 'sub'
+ scope = 'sub'
# Attribute that uniquely identifies a group.
# Is used when converting group DNs to group
# Unless a conversion between group name and group DN is
# needed, there's no requirement for the group objects
# referenced to actually exist.
-# membership_attribute = 'memberOf'
+ membership_attribute = 'memberOf'
# If cacheable_name or cacheable_dn are enabled,
# all group information for the user will be
# the type that matches the format of your check items
# i.e. if your groups are specified as DNs then enable
# cacheable_dn else enable cacheable_name.
-# cacheable_name = 'no'
-# cacheable_dn = 'no'
+ cacheable_name = yes
+ cacheable_dn = yes
# Override the normal cache attribute (<inst>-LDAP-Group)
# and create a custom attribute. This can help if multiple
# module instances are used in fail-over.
-# cache_attribute = 'LDAP-Cached-Membership'
+ cache_attribute = 'LDAP-Cached-Membership'
}
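Review bot: `cacheable_name` and `cacheable_dn` are both switched on, while the comment directly above still tells the reader to enable only the one that matches the format of their check items. A one-line comment such as `# Both enabled so the tests can match cached group names and cached group DNs` would explain the deviation and keep this from being copied as a recommended setting. The two values are also written as bare `yes` where the neighbouring values, and the commented-out defaults they replace, are single-quoted; `cacheable_name = 'yes'` would match the file's style, assuming the parser treats both forms alike. The comment text around these settings is only partly visible in the hunk.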
#
#
client {
# Where to start searching in the tree for clients
- base_dn = 'ou=people,dc=example,dc=com'
+ base_dn = "ou=clients,${..base_dn}"
#
# Filter to match client objects