(RADIATOR) AuthBy LDAP and LDAP groups

Matt Richard matt.richard at fandm.edu
Wed May 21 08:09:23 CDT 2003


Hi,

I need different RADIUS attributes based on which LDAP group a user belongs to.

The user container does not contain group membership information - 
the group contains a list of the group members in a multivalued field 
called "memberuid".

So I need to search for membership within a group.  I can do this 
with "SearchFilter (&(memberuid=%1)(cn=radiusvpn))"  but any 
subsequent search or bind uses the results of this filter as the new 
DN.

What I really need is a way to do two searches of the LDAP database. 
The first should be the password search, or a bind would work okay 
also.

The second search should fail if the SearchFilter doesn't return with 
the DN of a group.  An LDAP compare might be okay, if there's a way 
to do that.  If the search succeeds, Radiator could grab the RADIUS 
attributes stored at that DN.

Has anyone done this before?  Or is there a simple solution I have overlooked?

I'm running Radiator on Mac OSX Server (10.2.6) and authenticating 
users on a Cisco VPN3000 and AS5200, via the LDAP/NetInfo users & 
groups database.

Thanks!

Matt
-- 
Matt Richard
Access and Security Coordinator
Franklin & Marshall College
matt.richard at fandm.edu
(717) 291-4157
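
The two-search flow the message describes, as an added example that is not part of the original post and is not Radiator code. It runs against a constructed in-memory directory; the `uid`, `userPassword` and `radiusReplyItem` attribute names and all DNs are assumptions, while the `memberuid` / `cn=radiusvpn` filter is the one from the post.

```python
import hmac
import re

# Constructed sample directory (DN -> attributes); not data from the post.
DIRECTORY = {
    "uid=alice,cn=users,dc=example,dc=edu": {"uid": ["alice"], "userPassword": ["s3cret"]},
    "uid=bob,cn=users,dc=example,dc=edu": {"uid": ["bob"], "userPassword": ["hunter2"]},
    "cn=radiusvpn,cn=groups,dc=example,dc=edu": {
        "cn": ["radiusvpn"], "memberuid": ["alice"],
        "radiusReplyItem": ["Class=vpn", "Framed-Protocol=PPP"]},  # assumed attribute name
}

def escape_filter_value(value):
    """RFC 4515 escaping, so a supplied username cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def _match(pattern, candidate):
    # An unescaped '*' is a wildcard; \xx escapes decode to literal characters.
    decode = lambda m: chr(int(m.group(1), 16))
    parts = [re.escape(re.sub(r"\\([0-9a-fA-F]{2})", decode, p)) for p in pattern.split("*")]
    return re.fullmatch(".*".join(parts), candidate) is not None

def search(ldap_filter):
    """DNs of entries matching every (attr=value) term of a simple AND filter."""
    terms = re.findall(r"\(([^=()&]+)=([^()]*)\)", ldap_filter)
    return [dn for dn, attrs in DIRECTORY.items() if terms and
            all(any(_match(v, have) for have in attrs.get(a, [])) for a, v in terms)]

def authenticate(username, password, group="radiusvpn"):
    """Return the group's reply items, or None; the user DN is never overwritten."""
    user = escape_filter_value(username)
    # Search 1: locate the user and check the password (stand-in for an LDAP bind).
    user_dns = search("(uid=%s)" % user)
    if len(user_dns) != 1:
        return None
    stored = DIRECTORY[user_dns[0]]["userPassword"][0]
    if not hmac.compare_digest(stored.encode(), password.encode()):
        return None
    # Search 2: independent membership check using the filter from the post.
    group_dns = search("(&(memberuid=%s)(cn=%s))" % (user, escape_filter_value(group)))
    if len(group_dns) != 1:
        return None  # fail closed: no matching group entry means reject
    return {"user_dn": user_dns[0], "reply": DIRECTORY[group_dns[0]]["radiusReplyItem"]}
```

Because the username is escaped before it is placed in either filter, a value such as `*` is compared literally instead of matching every `memberuid`.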