On 07/28/2012 12:55 AM, Rohan Henry wrote: > How do I use Radiator to store values obtained from LDAP and check > against them to authorize a user?
Hello Rohan, see the reference manual for version 4.10, section "5.39.16 AuthAttrDef". > LDAP attributes: > > Uid: fred > Password: mikem > Servicestatus: ACTIVE (or INACTIVE) > Packagename: Mega DSL (or Thunder, Voyageur 15, etc) > > I was able to get the servicestatus attribute working how I want using > the AddToRequest (see below) command. > > AddToRequest SERVICESTATUS = ACTIVE > > But I need a way to check against the packagename that can be a number > of values as shown above. You can do 'AddTORequest attr1=value1,attr2=value2,...' if you need to return multiple attributes. This does not let you to change the attribute values dynamically, though. For per user values, use AuthAttrDef. Something like this should do the trick and match the above AddToRequest for the user 'fred': AuthAttrDef Servicestatus,SERVICESTATUS,reply To add more attributes to reply, just add more AuthAttrDef lines: AuthAttrDef Packgename,whatever,reply You may want to see goodies/ldap.cfg in the Radiator distribution for more LDAP examples too. Thanks, Heikki -- Heikki Vatiainen <[email protected]> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
