Hi,

I'm trying to build a solution to authorize users to log into devices
based on their group membership in our NMS.

We use ClientListSQL to generate the Client config blocks and I've used
the OSC-Authorize-Group attribute for add the group id's to the request
attributes like:

OSC-Authorize-Group-123,OSC-Authorize-Group=456

A Handler for example matches on OSC-Authorize-Group=123, which works as
long as the device is only member of this single group but not if in
multiple like in the above example.

I haven't found an example how to match on the value of an attribute
which occurs multiple times in the authentication request, is it possible?

A workaround would be to make ClientListSQL add
OSC-Authorize-Group=123,456 to the request and matching the value with a
regex, which would be quite complicated but handle all cases without
e.g. allowing access to a device in group 1234 when only 123 should be
allowed.

Any hints how to solve this?
Thanks!

--
Best regards, Alexander Hartmaier

T-Systems Austria GesmbH
TSS Security Services
Network Security & Monitoring Engineer

phone: +43(0)676-8642-4320



*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be 
privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
_______________________________________________
radiator mailing list
radiator@lists.open.com.au
http://lists.open.com.au/mailman/listinfo/radiator

Reply via email to