Re: Authorisation based on LDAP Group membership

Thu, 13 Jun 2002 02:47:32 -0700 

It is not working. where am I going wrong ?
Regards,
Michael Fuller

----- Original Message -----
From: "Kostas Kalevras" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 13, 2002 1:04 PM
Subject: Re: Authorisation based on LDAP Group membership


> On Thu, 13 Jun 2002, Michael Fuller wrote:
>
> > Hi all,
> >
> > Thanks to Kostas Kalevras for the clarification. Will my requirement
work on
> > an OU basis ? I can add the attributes to the administrators on a per
user
> > basis, as there will be only two or three of them.
>
> You don't add the attributes on a per user basis, you just add a pointer
to the
> profile dn and nothing else.
>
> >
> > My dial up users are a different story. I have around 500 users in my
> > database.
> >
> > About 50 of them will not have any restrictions on connect
> >      - A profile without any session limit restrictions
> > About  300 of them will be allowed to connect only for a limited time
per
> > day - A profile with restrictions on session limit.
> > The rest of the users will not have any dial up
> >       - A profile that does not permit dial up access.
> >
> > I do not think it is practically possible to assign these rights on a
per
> > user basis. How do I assign these three profiles to these three types of
> > users ?
>
> You just add a radiusprofiledn in the ldap entries of all your users
pointing to
> the correct profile dn. For your particular configuration you will only
need to
> do the following:
>
> default profile:
>
> Normal check/reply items
>
> 50 users: No user profile, the default profile will be sufficient
>
> 300 users: A user profle pointed by radiusprofiledn that will limit their
> online time
>
> the rest of the users: The rest will not have a dialupaccess attribute in
their
> ldap entry so they will not be allowed dialup access.
>
> >
> > Please help
> >
> > Thanks and regards,
> > Michael Fuller
>
> --
> Kostas Kalevras Network Operations Center
> [EMAIL PROTECTED] National Technical University of Athens, Greece
> Work Phone: +30 10 7721861
> 'Go back to the shadow' Gandalf
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>

Attachment: radius-profile.ldif
Description: Binary data

Attachment: radius-user.ldif
Description: Binary data

Reply via email to