Hi,

I couldn't see any examples of how to do another LDAP search in a PostSearchHook, and it's not obvious to me how I would do that.

The first option you mentioned is to use multiple AuthBy LDAP2 clauses. The first clause checks the user's password, either with a search or a bind. This is working well. But the second clause still keeps trying to get the user's password, which won't work if I'm working with a group DN instead of a user DN.

How do I write the second AuthBy LDAP2 clause so that it doesn't check the password or try to bind with the password? I need to compare a string, I don't need it to work with passwords - that was done in the first clause.

Thanks,

Matt


Hello Matt -

You could either use multiple AuthBy LDAP2 clauses to do the various queries (storing temporary results in the incoming request), or you could use a PostSearchHook to do further manipulation of the query results.

regards

Hugh


On Wednesday, May 21, 2003, at 23:09 Australia/Melbourne, Matt Richard wrote:


Hi,

I need different RADIUS attributes based on which LDAP group a user belongs to.

The user container does not contain group membership information - the group contains a list of the group members in a multivalued field called "memberuid".

So I need to search for membership within a group. I can do this with "SearchFilter (&(memberuid=%1)(cn=radiusvpn))" but any subsequent search or bind uses the results of this filter as the new DN.

What I really need is a way to do two searches of the LDAP database. The first should be the password search, or a bind would work okay also.

The second search should fail if the SearchFilter doesn't return with the DN of a group. An LDAP compare might be okay, if there's a way to do that. If the search succeeds, Radiator could grab the RADIUS attributes stored at that DN.

Has anyone done this before? Or is there a simple solution I have overlooked?

I'm running Radiator on Mac OSX Server (10.2.6) and authenticating users on a Cisco VPN3000 and AS5200, via the LDAP/NetInfo users & groups database.

Thanks!

Matt
--
Matt Richard
Access and Security Coordinator
Franklin & Marshall College
[EMAIL PROTECTED]
(717) 291-4157
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.


NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
