Re: (RADIATOR) Authenticating against groups in LDAP

Mon, 28 Feb 2000 03:06:14 -0800 

LOL!

This is of course wishfull thinking. With a little effort and perl/Radiator
knowledge it shouldn't be too hard to add this or the LDAP group support to the
Radiator code. You could probably use a pre- or postAuthHook but it would be
much nicer to use the already existing LDAP connection/query in the Radiator
code.

- Joost.

Joost Stegeman
Service Developer Integration Services
KPN OVN BBT/IP ISU IS

> Can you clarify something for me?
> 
> Is the 'RequireAttrValue     usertype,radiususer' an actual attribute you
> can add to the config file, or is it just a wishfull thinking idea?:)
> 
> I'm feeling a little silly right now, seeing that it's a Friday afternoon,
> and I can't find this in any documentation, and Radiator complains when I
> try to use it:(  Thank god it's the weekend.....
> 
> Thanks,
> Steve
> 
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> Behalf Of Joost Stegeman
> Sent: Friday, February 25, 2000 12:34 PM
> To: [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) Authenticating against groups in LDAP
> 
> 
> Hi Stephen,
> 
> Radiator currently cannot use LDAP groups or my defintion of capabilities.
> It
> would be relatively easy to add a directive like
> 
>      RequireAttrValue     usertype,radiususer
> 
> which would require that apart from a matching password and other
> check-items,
> the user to be authenticated has an attribute "usertype" with value
> "radiususer" .
> 
> This will probably start the everlasting discussion on how to implement
> groups
> in LDAP, but I think it would be relatively easy to add 'capabilities' to
> users
> and extend Radiator top use these. By a capability I mean the example
> above: an
> attribute defining to which 'group' a user belongs, or what this user is
> allowed or not.
> 
> I like this setup because you can change just one attribute on a user to
> give
> hime or her more or less capabilities.
> 
> Of course, full blow group support could be done, and it probably should.
> It's
> typical for LDAP servers to have groups.
> 
> - Joost.
> 
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
> 


===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to