(RADIATOR) (Radiator) AuthAttrDef -> LDAP attribute with ServerChecksPassword
E J C Boon
E.J.C.Boon at i-groep.leidenuniv.nl
Mon Jun 21 06:35:15 CDT 2004
Hello Everyone,
Im kinda newbie in Radiator and need to set up an Radius service which
can authenticate on LDAP.
The authentication part is not very hard, the part I have problems with
is this.
In the directory which is LDAP enabled the user has an attribute,
depending on the value of that attribute the user should get access or
not.
First authentication by LDAP with ServerChecksPassword
Then comparison of the LDAP attributes value.
I tried to acccomplish that with AuthAttrDef city,"leiden",check but
seems not to work that way because the second value should be a radius
attribute.
Tried to find examples/know issues on the net but... No luck, only thing
I found is the LDAPsearchFilter, but that doesn't work with the
ServerChecksPassword as I found out.
Anyone suggestions in which direction I should look ?
Below part of the config:
<Client 127.0.0.1>
Secret xxxxxxxxxxxxxxx
</Client>
<Handler Realm=/erwin.leidenuniv.nl/>
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername s/\./\_/g
AcctLogFileName /%L/%m-%y-Realm_Erwin.log
WtmpFileName /%L/wtmp
PasswordLogFileName /%L/Realm_Erwin_password.log
<AuthBy LDAP2>
FailureBackoffTime 760
ServerChecksPassword
Host xxx.xxx.xxx.xxx
BaseDN o=services
Scope sub
PasswordAttr userPassword
UsernameAttr cn
AuthAttrDef city,"leiden",check
Debug 255
</AuthBy>
</Handler>
Regards,
Erwin
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list