(RADIATOR) AuthAttrDef -> LDAP attribute with ServerChecksPassword

E J C Boon E.J.C.Boon at i-groep.leidenuniv.nl
Mon Jun 21 06:35:15 CDT 2004


Hello Everyone,

I'm kind of a newbie in Radiator and need to set up a RADIUS service which
can authenticate on LDAP.
The authentication part is not very hard; the part I have problems with
is this.
In the directory which is LDAP enabled, the user has an attribute, and
depending on the value of that attribute the user should get access or
not.
First, authentication by LDAP with ServerChecksPassword.
Then, comparison of the LDAP attribute's value.
I tried to accomplish that with AuthAttrDef city,"leiden",check but it
seems not to work that way because the second value should be a RADIUS
attribute.

Tried to find examples/known issues on the net but... no luck; the only thing
I found is the LDAPsearchFilter, but that doesn't work with the
ServerChecksPassword, as I found out.
Does anyone have suggestions on which direction I should look in?

Below part of the config:
<Client 127.0.0.1>
        Secret xxxxxxxxxxxxxxx
</Client>

<Handler Realm=/erwin.leidenuniv.nl/>
        RewriteUsername s/^([^@]+).*/$1/
        RewriteUsername s/\./\_/g
        AcctLogFileName /%L/%m-%y-Realm_Erwin.log
        WtmpFileName /%L/wtmp
        PasswordLogFileName /%L/Realm_Erwin_password.log
        <AuthBy LDAP2>
                FailureBackoffTime       760
                ServerChecksPassword
                Host             xxx.xxx.xxx.xxx
                BaseDN           o=services
                Scope            sub
                PasswordAttr     userPassword
                UsernameAttr     cn
                AuthAttrDef      city,"leiden",check
                Debug            255
        </AuthBy>
</Handler>


Regards,

Erwin
