(RADIATOR) AuthBy LDAP and LDAP groups

Hugh Irvine hugh at open.com.au
Thu May 22 02:29:04 CDT 2003


Hello Matt -

You could either use multiple AuthBy LDAP2 clauses to do the various 
queries (and storing temporary results in the incoming request), or you 
could use a PostSearchHook to do further manipulation of the query 
results.

regards

Hugh


On Wednesday, May 21, 2003, at 23:09 Australia/Melbourne, Matt Richard 
wrote:

> Hi,
>
> I need different RADIUS attributes based on which LDAP group a user 
> belongs to.
>
> The user container does not contain group membership information - the 
> group contains a list of the group members in a multivalued field 
> called "memberuid".
>
> So I need to search for membership within a group.  I can do this with 
> "SearchFilter (&(memberuid=%1)(cn=radiusvpn))"  but any subsequent 
> search or bind uses the results of this filter as the new DN.
>
> What I really need is a way to do two searches of the LDAP database. 
> The first should be the password search, or a bind would work okay also.
>
> The second search should fail if the SearchFilter doesn't return with 
> the DN of a group.  An LDAP compare might be okay, if there's a way to 
> do that.  If the search succeeds, Radiator could grab the RADIUS 
> attributes stored at that DN.
>
> Has anyone done this before?  Or is there a simple solution I have 
> overlooked?
>
> I'm running Radiator on Mac OSX Server (10.2.6) and authenticating 
> users on a Cisco VPN3000 and AS5200, via the LDAP/NetInfo users & 
> groups database.
>
> Thanks!
>
> Matt
> -- 
> Matt Richard
> Access and Security Coordinator
> Franklin & Marshall College
> matt.richard at fandm.edu
> (717) 291-4157
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
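
The two-step lookup discussed in this thread, as an added example that is not part of the original messages and is not Radiator configuration or code: the first search checks the password, the second must return a group DN before any RADIUS attributes are handed back. The directory contents, the `radiusReplyItem` attribute name, the helper names and the small filter evaluator are all assumptions made for illustration; the username is escaped per RFC 4515 before it is placed in the filter.

```python
import hmac
import re

# Constructed sample directory (not real data). "radiusReplyItem" is a
# hypothetical attribute name for the RADIUS attributes stored on the group.
DIRECTORY = {
    "uid=matt,cn=users,dc=example,dc=edu": {"uid": ["matt"], "userpassword": ["s3cret"]},
    "uid=guest,cn=users,dc=example,dc=edu": {"uid": ["guest"], "userpassword": ["guestpw"]},
    "cn=radiusvpn,cn=groups,dc=example,dc=edu": {
        "cn": ["radiusvpn"], "memberuid": ["matt", "alice"],
        "radiusreplyitem": ["Class=vpn-staff"]},
}

def escape_filter_value(value):
    """Escape RFC 4515 special characters so the value only matches literally."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def group_filter(username, group_cn="radiusvpn"):
    """The thread's membership filter, with the username escaped."""
    return "(&(memberuid=%s)(cn=%s))" % (escape_filter_value(username), group_cn)

def _matches(entry, attr, pattern):
    # An unescaped "*" is a wildcard; "\xx" escapes decode to literal characters.
    unhex = lambda m: chr(int(m.group(1), 16))
    parts = [re.escape(re.sub(r"\\([0-9a-fA-F]{2})", unhex, p)) for p in pattern.split("*")]
    rx = re.compile("^" + ".*".join(parts) + "$", re.IGNORECASE)
    return any(rx.match(v) for v in entry.get(attr.lower(), []))

def search(directory, flt):
    """Tiny evaluator for ANDed (attr=value) clauses; returns the matching DNs."""
    clauses = re.findall(r"\((\w+)=([^()]*)\)", flt)
    return [dn for dn, e in directory.items() if all(_matches(e, a, p) for a, p in clauses)]

def authorize(username, password):
    """Search 1 checks the password; search 2 must return a group DN."""
    users = search(DIRECTORY, "(uid=%s)" % escape_filter_value(username))
    if len(users) != 1:
        return None
    stored = DIRECTORY[users[0]]["userpassword"][0]
    if not hmac.compare_digest(stored.encode(), password.encode()):
        return None
    groups = search(DIRECTORY, group_filter(username))
    if not groups:
        return None  # authenticated, but not a member: reject
    return DIRECTORY[groups[0]]["radiusreplyitem"]

if __name__ == "__main__":
    print(authorize("matt", "s3cret"))
    print(authorize("guest", "guestpw"))
```

A user with a valid password who is not listed in `memberuid` is rejected, which is the "second search should fail" behaviour asked for in the question.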
