Re: Huntgroups + LDAP

Wed, 28 Aug 2002 20:45:39 -0700 


Hi,

On Wed, 28 Aug 2002, Kostas Kalevras wrote:

> A huntgroup (if we are talking about the same thing) is defined in the
> huntgroups file in freeradius. Defining it in ldap is of no use. You can do much
> more cleaver things with the huntgroups file. You could use though the
> Huntgroup-Name and User-Profile attributes and define separate user profiles for
> each hungroup. In more detail:

Yes, we're talking about the same thing :)

FYI, my users are stored in LDAP and gets authenticated via

        Auth-Type := LDAP

I already tried using the Huntgroup-Name attribute but it was never
matched. IIRC, the group name was being checked against the system group
file. How could I tell freeradius to check the group membership on an LDAP
server? And check it for any match on the users file?

What I'm trying to accomplish is to check every user who log in for their
group membership then compare if it has a DEFAULT entry match on the users
file, then run an external program which calculates its remaining time and
return the Session-Timeout attribute.

Here's an entry from my users file:

        DEFAULT Huntgroup-Name == "testing"
        Exec-Program-Wait = "/usr/local/sbin/testing %u %n %p",
        Fall-Through = Yes

I've read some docs re: Ldap-Group attribute but it requires that every
user dn must be entered on its group dn.

For example,

dn: cn=users,ou=groups,dc=foo,dc=com
objectClass: posixGroup
objectClass: groupOfUniqueNames
cn: users
gidNumber: 1101
memberUid: arise
uniqueMember: uid=arise,ou=People,dc=foo,dc=com

This works well if you have few users but what if you have 10,000+
users in different hungtgroups? You need to add all of them on its
own group dn.

Is there any other way of doing this? Like checking the radiusHuntgroupName
attribute then compare if it matches on the huntgroups file.

Is there anything I miss here?

Thanks for the time.

regards,

Ron

>
> users file:
>
> DEFAULT       Hungroup-Name == "foo", User-Profile :=
> "uid=foo-profile,dc=company,dc=com"
>
> Hope it helps
>
> --
> Kostas Kalevras               Network Operations Center
> [EMAIL PROTECTED]    National Technical University of Athens, Greece
> Work Phone:           +30 10 7721861
> 'Go back to the shadow'       Gandalf
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to