On Apr 2, 2008, at 5:52 PM, Alan DeKok wrote:
> Sylvain Robitaille wrote:
>
>> What I'm aiming to accomplish, however, is that the FreeRADIUS server
>> will authorize users for different services based on a slightly
>> different LDAP query.  The users are in various groups, which can be
>> checked by supplying an LDAP query filter that checks the "memberOf"
>> attribute;  Users in group "wireless" should be permitted to use the
>> wireless service; users in group "vpn" should be able to use the VPN
>> service; users in both groups could use either, and users in neither
>> group should be refused for either, etc.
>
>  You should be able to do this with multiple LDAP modules, or maybe by
> dynamically editing the ldap query.
>
>> ...  Running radiusd in debug mode shows that the
>> ldap module is using the configuration for its un-named instance (the
>> default one from the stock config files, with minimal configuration to
>> permit it to lookup users in our LDAP).
>
> You have to change the reference to "ldap" in sites-available/default
> to the instance name.  e.g. "ldap_wireless".


I'm looking to do something similar.

What is the proper way to call a specific LDAP module based on NAS-IP-Address (or huntgroup, probably)?

I don't want anything other than files (for overriding LDAP for testing) then LDAP.

Obviously, I want to stay as close to the default config as possible. :)


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
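
Added example, not part of the original thread or the FreeRADIUS stock configuration: a sketch of the setup discussed above, with one named `ldap` instance per service (each filter also requiring the "memberOf" group) and the `authorize` section of sites-available/default choosing the instance by NAS-IP-Address. It assumes FreeRADIUS 2.x syntax; the host name, DNs, password, the `uid` attribute, the `ldap_vpn` instance name and the NAS addresses are constructed placeholders.

```conf
# Module configuration: one named instance per service.
# All values below are constructed placeholders.
ldap ldap_wireless {
    server   = "ldap.example.org"
    identity = "cn=radius,ou=services,dc=example,dc=org"
    password = "CHANGE_ME"
    basedn   = "ou=people,dc=example,dc=org"
    # The user matches only if also a member of the wireless group,
    # so a user outside the group is not found by this instance.
    filter   = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(memberOf=cn=wireless,ou=groups,dc=example,dc=org))"
}

ldap ldap_vpn {
    server   = "ldap.example.org"
    identity = "cn=radius,ou=services,dc=example,dc=org"
    password = "CHANGE_ME"
    basedn   = "ou=people,dc=example,dc=org"
    filter   = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(memberOf=cn=vpn,ou=groups,dc=example,dc=org))"
}

# sites-available/default: refer to the instance names, not the bare
# "ldap", otherwise the un-named default instance is used.
authorize {
    preprocess
    files                   # local overrides for testing, checked first

    if (NAS-IP-Address == 192.0.2.10) {         # constructed: wireless controller
        ldap_wireless
    }
    elsif (NAS-IP-Address == 192.0.2.20) {      # constructed: VPN concentrator
        ldap_vpn
    }
    else {
        # Assumption: requests from any other NAS are refused rather
        # than falling through to a less restrictive lookup.
        reject
    }
}
# The authenticate section is not shown; it must also refer to the named
# instances if LDAP bind authentication is in use.
```

Running radiusd in debug mode, as in the quoted message, shows which instance handled a request and the filter it expanded.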
