(RADIATOR) Re: Question about using LDAP
Hugh Irvine
hugh at open.com.au
Thu Nov 4 17:04:45 CST 2004
Hello Brandon -
How are your usernames stored in the LDAP database?
bob
or
bob@domain1.com, bob@domain2.com, bob@domain3.com
I will assume the latter, in which case you can do something like this:
# define AuthBy clause
<AuthBy LDAP2>
	Identifier CheckLDAP
	.....
</AuthBy>

# define Realm clauses
<Realm domain1.com>
	.....
	AuthBy CheckLDAP
	.....
</Realm>
<Realm domain2.com>
	.....
	AuthBy CheckLDAP
	.....
</Realm>
<Realm domain3.com>
	.....
	AuthBy CheckLDAP
	.....
</Realm>
......

# define Realm for usernames without realm suffix
<Realm>
	# try each domain in turn until one of them accepts
	AuthByPolicy ContinueUntilAccept
	<AuthBy GROUP>
		# bare username: append the first domain
		RewriteUsername s/^(.*)/$1\@domain1.com/
		AuthBy CheckLDAP
		.....
	</AuthBy>
	<AuthBy GROUP>
		# RewriteUsername alters User-Name in the request, so the previous
		# realm is still there; the trailing .* consumes it before the
		# next domain is appended
		RewriteUsername s/^(.*)\@.*/$1\@domain2.com/
		AuthBy CheckLDAP
		.....
	</AuthBy>
	<AuthBy GROUP>
		RewriteUsername s/^(.*)\@.*/$1\@domain3.com/
		AuthBy CheckLDAP
		.....
	</AuthBy>
	.....
</Realm>
Note that processing usernames without realm suffixes will be quite
slow.
Hope that helps.
regards
Hugh
On 5 Nov 2004, at 05:05, Brandon Shiers wrote:
> Folks,
>
> I'm doing some research to see what I can do in the following
> situation:
>
> I have 13 different domains through acquisitions. I'm using LDAP on my
> backend for the authentication database. I want to use radius, but I
> have a problem:
>
> I can have bob@domain1.com, bob@domain2.com, bob@domain3.com.......
>
> Users can login as either bob@domain1.com or just plain bob (we don't
> require full qualification on the login), in which case I currently have
> user collision setup so it will look to what password matches the
> current bob trying to login, and if it finds a match, then it passes the
> request and lets the user on, if not, it will reject.
>
> How can I set this up with radiator and using authbyldap2?
>
> Thanks,
>
> Brandon Shiers
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
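As an added illustration, not part of this thread and not Radiator code: a small Python simulation of the Realm dispatch and the ContinueUntilAccept fallback described in the reply, with a constructed dictionary standing in for the LDAP backend. DIRECTORY, REALMS, check_ldap, authenticate and rewrite_chain are names invented for this example; the rewrite patterns are the Perl s/// rules from the reply translated to Python re syntax. The second list, TRUNCATED_REWRITES, shows what happens when the second and third patterns are written as s/^(.*)\@/.../ without a trailing .*: because RewriteUsername changes the User-Name in the request, the realm appended by the previous GROUP is left dangling after the new one.

```python
import re

# Constructed stand-in for the LDAP backend behind AuthBy LDAP2 (not real data):
# fully qualified username -> password.
DIRECTORY = {
    "bob@domain1.com": "pw-one",
    "bob@domain2.com": "pw-two",
    "alice@domain3.com": "pw-three",
}

# Domains that have their own <Realm domainN.com> clause in the config.
REALMS = ("domain1.com", "domain2.com", "domain3.com")

# RewriteUsername patterns of the default <Realm>, translated from Perl s/// to
# Python re syntax. The first appends domain1 to the bare name; each later one
# replaces the realm the previous GROUP appended (the trailing .* consumes it),
# so the chain presents bob@domain1.com, bob@domain2.com, bob@domain3.com in turn.
FALLBACK_REWRITES = [
    (r"^(.*)$", r"\1@domain1.com"),
    (r"^(.*)@.*$", r"\1@domain2.com"),
    (r"^(.*)@.*$", r"\1@domain3.com"),
]

# The same chain written as s/^(.*)\@/$1\@domainN.com/ (no trailing .*):
# kept only to show that the old realm is then left dangling after the new one.
TRUNCATED_REWRITES = [
    (r"^(.*)$", r"\1@domain1.com"),
    (r"^(.*)@", r"\1@domain2.com"),
    (r"^(.*)@", r"\1@domain3.com"),
]


def rewrite_chain(username, rewrites):
    """Return the User-Name each successive AuthBy GROUP would see.

    RewriteUsername changes the User-Name in the request itself, so each
    pattern operates on the output of the previous one.
    """
    seen = []
    current = username
    for pattern, repl in rewrites:
        current = re.sub(pattern, repl, current, count=1)
        seen.append(current)
    return seen


def check_ldap(username, password):
    """Stand-in for AuthBy CheckLDAP: accept only an existing fully qualified
    name whose stored password matches."""
    stored = DIRECTORY.get(username)
    return stored is not None and stored == password


def authenticate(username, password, rewrites=FALLBACK_REWRITES):
    """Emulate the Realm dispatch of the reply.

    Returns (accepted, effective_user_name, ldap_lookups). A realm-qualified
    name is handled by its own <Realm> clause with a single lookup; a bare name
    falls into the default <Realm>, whose AuthByPolicy ContinueUntilAccept
    tries each rewritten name until one is accepted, which is why bare logins
    are slower and cost up to len(rewrites) lookups.
    """
    if "@" in username:
        realm = username.rsplit("@", 1)[1]
        if realm not in REALMS:
            return False, username, 0  # no <Realm> clause matches: not authenticated
        return check_ldap(username, password), username, 1
    lookups = 0
    current = username
    for pattern, repl in rewrites:
        current = re.sub(pattern, repl, current, count=1)
        lookups += 1
        if check_ldap(current, password):
            return True, current, lookups  # ContinueUntilAccept stops at the first accept
    return False, current, lookups


if __name__ == "__main__":
    for user, pw in (("bob@domain2.com", "pw-two"), ("bob", "pw-two"), ("bob", "nope")):
        print(user, pw, authenticate(user, pw))
    print(rewrite_chain("bob", TRUNCATED_REWRITES))
```

Two things the simulation makes visible: a bare login costs one LDAP bind per configured domain in the worst case, which is the slowness the reply warns about, and the order of the AuthBy GROUP clauses decides which account a bare "bob" is mapped to when more than one bob shares the same password, so that order should be a deliberate choice rather than whatever the acquisitions happened to produce.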