Hello Denis, it looks like exactly what we do with Firewall SSO. In fact each times packetfence receive the new ip address of the device, it update the firewall with user/ip. You can have a look at lib/pf/firewallsso/... where you can find modules that deal with firewall and write your own module.
Also if you are not comfortable with perl development you can ask inverse for sponsored development. Regards Fabrice Le 2015-01-06 07:55, Denis Bonnenfant diderot a écrit : > Hello, and happy new year, > > We are currently using a custom solution to control internet access for > our students. The filtering is done with squid/squidGuard, which is > computing acls from ldap request based on client's IP source, to avoid > proxy auth. So basically the couple user/ip has to be updated on ldap > each time an user connects. This is done serverside from samba root > preexec logon script for windows domain computers, and from a custom > portal registration page for other devices. > > As all our network is migrating to PacketFence controlled 802.1x ldap > auth based on samba users and machine accounts, a great simplification > should be to have PF directly updating some user and ip LDAP attributes > on registration, and each time the role or ip changes, replacing > existing portal (for domain computers, which are autoregistered with > machine account in PF, the samba process is still ok). > > My question is : > > Where such actions ( basically some ldapsearch / ldapmodify, or ssh > existing scripts on samba/ldap server ) should be performed in > packetfence code ? Is there already some hooks for custom actions on > registration or role evaluation ? > > > Thanks > > Denis Bonnenfant > Lycée Diderot Paris > > ------------------------------------------------------------------------------ > Dive into the World of Parallel Programming! The Go Parallel Website, > sponsored by Intel and developed in partnership with Slashdot Media, is your > hub for all things parallel software development, from weekly thought > leadership blogs to news, videos, case studies, tutorials and more. Take a > look and join the conversation now. http://goparallel.sourceforge.net > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org)
0xF78F957E.asc
Description: application/pgp-keys
------------------------------------------------------------------------------ Dive into the World of Parallel Programming! The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
