Hi, I'm trying to build a solution to authorize users to log into devices based on their group membership in our NMS.
We use ClientListSQL to generate the Client config blocks, and I've used the OSC-Authorize-Group attribute to add the group IDs to the request attributes, like: OSC-Authorize-Group-123,OSC-Authorize-Group=456

A Handler, for example, matches on OSC-Authorize-Group=123, which works as long as the device is only a member of this single group, but not if it is in multiple groups like in the above example. I haven't found an example of how to match on the value of an attribute which occurs multiple times in the authentication request. Is it possible?

A workaround would be to make ClientListSQL add OSC-Authorize-Group=123,456 to the request and match the value with a regex, which would be quite complicated but handle all cases without e.g. allowing access to a device in group 1234 when only 123 should be allowed.

Any hints how to solve this?

Thanks!

--
Best regards, Alexander Hartmaier
T-Systems Austria GesmbH
TSS Security Services
Network Security & Monitoring Engineer
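The boundary problem in the workaround above (123 must not match 1234), shown as an added example that is not part of the original message and is not Radiator configuration. It assumes numeric group IDs joined by commas in one attribute value; the function names and sample values are hypothetical.

```python
import re


def group_pattern(group_id: str) -> str:
    """Regex matching group_id only as a complete element of a comma list."""
    if not re.fullmatch(r"[0-9]+", group_id):
        # Refuse anything that could smuggle regex syntax into the pattern.
        raise ValueError("group id must be numeric")
    # (?:^|,) and (?:,|$) pin the id between list boundaries, so 123 cannot
    # match inside 1234 or 5123. The same syntax is valid in Perl regexes.
    return r"(?:^|,)" + group_id + r"(?:,|$)"


def is_member(attr_value: str, group_id: str) -> bool:
    """Anchored check: True only if group_id is one whole list element."""
    return re.search(group_pattern(group_id), attr_value) is not None


def naive_is_member(attr_value: str, group_id: str) -> bool:
    """Unanchored substring check, kept only to show where it over-matches."""
    return group_id in attr_value


# Constructed sample attribute values (not taken from a real NMS).
SAMPLES = ["123", "123,456", "456,123", "1234", "1234,456", "456,5123", "12,3", ""]


def over_permissive(group_id: str, values=SAMPLES) -> list:
    """Values the naive check would authorize but the anchored check rejects."""
    return [v for v in values
            if naive_is_member(v, group_id) and not is_member(v, group_id)]


if __name__ == "__main__":
    print("pattern:", group_pattern("123"))
    for value in SAMPLES:
        print(repr(value), "anchored:", is_member(value, "123"),
              "naive:", naive_is_member(value, "123"))
    print("wrongly allowed by naive match:", over_permissive("123"))
```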
