Performing group-based LDAP authorization
If the LDAP search filter is configured to perform a group-based LDAP authorization, you might need to restrict (that is, adapt) the search base to search for groups.
To adjust the search base for groups, use the following command:
vyatta@vyatta#
set resources service-users ldap example.com group base-dn ou=Groups,dc=example,dc=com
Depending on the defined LDAP schema (RFC2307 or RFC2307bis), the member attribute is either memberuid or member for the group-based authentication.
If the LDAP schema used by the server requires a third variant that is not covered by either schema standard, use the following command:
vyatta@vyatta#
set resources service-users ldap example.com group member-attribute
memberAttr