Vyatta Network OS Documentation

Learn how to install, configure and operate the Vyatta NOS, which helps drive our virtual networking & physical platforms portfolio.

Performing group-based LDAP authorization

If the LDAP search filter is configured to perform a group-based LDAP authorization, you might need to restrict (that is, adapt) the search base to search for groups.

To adjust the search base for groups, use the following command:


      vyatta@vyatta# set resources service-users ldap example.com group base-dn ou=Groups,dc=example,dc=com

Depending on the defined LDAP schema (RFC2307 or RFC2307bis), the member attribute is either memberuid or member for the group-based authentication.

If the LDAP schema used by the server requires a third variant that is not covered by either schema standard, use the following command:


      vyatta@vyatta# set resources service-users ldap example.com group member-attribute
 memberAttr