From: Nick Porter <nick@portercomputing.co.uk>
Date: Thu, 14 Nov 2024 11:53:02 +0000 (+0000)
Subject: Add notes on %ldap.group() xlat
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a163440ae3cf230d47196456a805bb9da796356c;p=thirdparty%2Ffreeradius-server.git

Add notes on %ldap.group() xlat
---

diff --git a/raddb/mods-available/ldap b/raddb/mods-available/ldap
index 58c779f4bd5..c35917009f1 100644
--- a/raddb/mods-available/ldap
+++ b/raddb/mods-available/ldap
@@ -970,3 +970,24 @@ ldap {
 #  "The LDAP url is ldap:///ou=profiles,dc=example,dc=com??sub?(objectClass=radiusprofile)"
 #  ```
 #
+#  ### %ldap.group(...)
+#
+#  Check whether the current user is a member of a the given group.  If the attribute
+#  `control.LDAP-UserDN` exists, that will be used as the "user" object.  If it does
+#  not then the user is first looked up using the filter form the `user { }` section
+#  of the module configuration.
+#
+#  Groups can be specified either as a name or a DN, with a lookup used if necessary
+#  to convert to the required format.
+#
+#  .Return: _bool_
+#
+#  .Example
+#
+#  [source,unlang]
+#  ---
+#  if (%ldap.group('cn=group1,ou=Groups,dc=example,dc=org')) {
+#    ...
+#  }
+#  ---
+#