RE: Defining Radius groups with specific abilitations against LDA P at tribute

Tue, 19 Mar 2002 17:19:20 -0800 


I'm trying to pass specific configuration parameters for users listed in a
LDAP directory. The selection has to be made against an attribute value.

The main problem is that the LDAP structure (Domino server ...... urgl)
cannot be changed, and is not homogen :)
but anyway, directory is ordered like this :
O=Org
|_ some CN (not to be considered)
|_ some OU
   |_ some CN="User Name"
      |_ attributes
      |_ cn=userid (used for authentication, rlm_ldap basedn="O=Org",
filter="(cn=%u)")
      |_ user_profile_attribute=groupname (this is the attribute I need to
use to specify config parms)

I need to do something like :

DEFAULT Auth-Type := Ldap, Group-Name == "groupname_1"
                Specific_config_group_1

DEFAULT Auth-Type := Ldap, Group-Name == "groupname_2"
                Specific_config_group_2
...


I solved the problem by something not really clean and fast, but working,
like this :

rlm_ldap:

basedn="O=Org"
filter="(cn=%uid)"
...
group is searched against attribute "user_profile_attribute"
group_filter is, again, (cn=%u)

users:

DEFAULT Auth-Type := Ldap, Group-Name == "groupname_1" (value for attribute
user_profile_attribute)
                Specific_config_group_1

DEFAULT Auth-Type := Ldap, Group-Name == "groupname_2"
                Specific_config_group_2


This is fine working right now, but I'm sure this is not the best way to do.

Any experience ?
Thxs,

Pierre.

...-----Message d'origine-----
De : Kostas Kalevras [mailto:[EMAIL PROTECTED]]
Envoy� : mardi 19 mars 2002 21:24
� : [EMAIL PROTECTED]
Objet : RE: Defining Radius groups with specific abilitations against
LDA P at tribute


On Tue, 19 Mar 2002, Pierre Strazza wrote:

>
> Ok for the princip, but can you explain me more about functionality ? I do
> not practically understand ho I can implement this to define more than 1
> group against an attribute parameter.
>
> Thxs again,
> Pierre.
>

Could you please give me an example of what you are trying to do?

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]      National Technical University of Athens, Greece
Work Phone:             +30 10 7721861
'Go back to the shadow' Gandalf


- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


.




.




.



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to