(RADIATOR) AuthBy LDAP and LDAP groups
Hugh Irvine
hugh at open.com.au
Thu May 22 02:29:04 CDT 2003
Hello Matt -
You could either use multiple AuthBy LDAP2 clauses to do the various
queries (and storing temporary results in the incoming request), or you
could use a PostSearchHook to do further manipulation of the query
results.
regards
Hugh
On Wednesday, May 21, 2003, at 23:09 Australia/Melbourne, Matt Richard
wrote:
> Hi,
>
> I need different RADIUS attributes based on which LDAP group a user
> belongs to.
>
> The user container does not contain group membership information - the
> group contains a list of the group members in a multivalued field
> called "memberuid".
>
> So I need to search for membership within a group. I can do this with
> "SearchFilter (&(memberuid=%1)(cn=radiusvpn))" but any subsequent
> search or bind uses the results of this filter as the new DN.
>
> What I really need is a way to do two searches of the LDAP database.
> The first should be the password searh, or a bind would work okay > also.
>
> The second search should fail if the SearchFilter doesn't return with
> the DN of a group. An LDAP compare might be okay, if there's a way to
> do that. If the search succeeds, Radiator could grab the RADIUS
> attributes stored at that DN.
>
> Has anyone done this before? Or is there a simple solution I have
> overlooked?
>
> I'm running Radiator on Mac OSX Server (10.2.6) and authenticating
> users on a Cisco VPN3000 and AS5200, via the LDAP/NetInfo users &
> groups database.
>
> Thanks!
>
> Matt
> --
> Matt Richard
> Access and Security Coordinator
> Franklin & Marshall College
> matt.richard at fandm.edu
> (717) 291-4157
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list