Hi Phil, Thank you so much for responding with your recommendations.. The Ldap config varies only by Server IP, Base DN and password.. If I use option #2, how does Free Radius know which OU to plug in when authorizing users? Does that mean users have to enter their fully qualified login name ?
Maybe Option #1 is good if I check for Calling Station ID in the "if" statement in the authorize section? Thank you for your patience again with my questions.. I wasn't sure what to call what I am trying to do, so couldn't find exact documentation on it.. Do you have a link where I can find out more info on how to do this? THANK YOU SOOO MUCH. Doreen On Wed, Sep 22, 2010 at 3:50 PM, Phil Mayers <[email protected]>wrote: > On 09/22/2010 09:58 PM, Ziggy Bopster wrote: > >> Hello All. >> >> Please help.. Any suggestions on where I should start? Thank you very >> much for your help!! >> >> > You have two options: > > First, create >1 instance of the ldap module. Use conditional statements in > the authorize section to do your ldap queries. For example: > > modules/my_ldap: > > ldap staff_ldap { > ... ldap config > } > > ldap other_ldap { > ... ldap config > } > > sites-available/... > > authorize { > ... > if (...) { > staff_ldap > } > elsif (...) { > other_ldap > } > ... > } > > > > The other option - if only a small amount of config varies, the ldap module > expands some of it's config. For example: > > modules/ldap: > > ldap { > basedn = "ou=%{Tmp-String-0},ou=MyOrg,c=US" > ... > } > > sites-available/... > > authorize { > if (...) { > update request { > Tmp-String-0 = "Staff" > } > } > elsif (...) { > update request { > Tmp-String-0 = "..." > } > } > } > > > ...when the LDAP module is executed the basedn will be expanded dynamically > and search based on what you've configured. > > Most of this is documented. Have you read the docs? > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
