(RADIATOR) Attributes, AuthBy LDAP, and differentiated access levels

[Scott Ehnert]

Hello,

We are using AuthBy LDAP in order to centralize our user database.  I
have run into a hitch with this that I am unsure of how to work
around.

We have several different "classes" of device based on their function.
 For instance, we have foundry switches, some are classified "core"
some are "edge" etc.  We want to restrict user privilege level by the
class of device.  The problem is that if a user has
foundry-privilege-level=0 access to "edge" but has
foundry-privilege-level=5 access to "core" how do I send the
appropriate attribute based on which type of device?

I can see working around this by using AuthBy FILE and defining
different files on a per-realm basis, and then assigning each class to
a different Realm, but this defeats the centralized management
function.

Any assistance is appreciated.

Thanks!

-=Scott

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.