(RADIATOR) <AuthBy LDAP2> and Group membership checks?
Jan Tomasek
jan at tomasek.cz
Fri Sep 2 03:12:08 CDT 2005
Hi Hugh
> You can use two AuthBy LDAP2 clauses with an AuthByPolicy:
> [...]
That is my way! I used this configuration:
<AuthBy LDAP2>
Identifier CheckLDAP_Password
Host localhost
Version 3
AuthDN uid=XX,ou=Special Users,dc=cesnet,dc=cz
AuthPassword XX
BaseDN dc=cesnet,dc=cz
UsernameAttr uid
PasswordAttr tacuserpassword
</AuthBy>
<AuthBy LDAP2>
Identifier CheckLDAP_Group
Host localhost
Version 3
AuthDN uid=XX,ou=Special Users,dc=cesnet,dc=cz
AuthPassword XX
BaseDN cn=Employees,ou=Groups,dc=cesnet,dc=cz
UsernameAttr uid
PasswordAttr
SearchFilter (|(uniqueMember=%0=%1,ou=People,dc=cesnet,dc=cz)(uniqueMember=%0=%1,ou=Special users,dc=cesnet,dc=cz))
</AuthBy>
<Handler>
AuthByPolicy ContinueWhileAccept
AuthBy CheckLDAP_Password
AuthBy CheckLDAP_Group
AuthLog authlogger
AcctLogFileName /var/log/radiator-vpn/accounting
</Handler>
I didn't figure out how to replace %0=%1,ou=People,dc=cesnet,dc=cz and
%0=%1,ou=Special users,dc=cesnet,dc=cz with the DN of the user found in the
previous step. But that doesn't bother me much.
Thanks for the help!
--
--------------------------------------------------------------
Jan Tomasek aka Semik work: CESNET, z.s.p.o.
http://www.tomasek.cz/ Zikova 4, 160 00 Praha 6
Czech Republic
phone(work): +420 2 2435 5279 http://www.cesnet.cz/
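
The two-step lookup the message is after (find the user's DN first, then test uniqueMember against that DN instead of guessing the OU), as an added Python example that is not part of the original message and is not Radiator code. The in-memory directory, the group contents and all function names are constructed for illustration.

```python
import re

# Constructed sample data standing in for the LDAP server (not from the post).
DIRECTORY = {
    "uid=semik,ou=People,dc=cesnet,dc=cz": "semik",
    "uid=vpnsvc,ou=Special users,dc=cesnet,dc=cz": "vpnsvc",
    "uid=guest,ou=People,dc=cesnet,dc=cz": "guest",
}
# uniqueMember values of cn=Employees,ou=Groups,dc=cesnet,dc=cz (constructed).
EMPLOYEES = [
    "uid=semik,ou=People,dc=cesnet,dc=cz",
    "uid=vpnsvc,ou=Special users,dc=cesnet,dc=cz",
]

def escape_filter_value(value):
    """RFC 4515 escaping so a DN or name cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def find_user_dn(uid):
    """Step 1: exact-match search on uid; return the DN only if it is unique."""
    hits = [dn for dn, entry_uid in DIRECTORY.items() if entry_uid == uid]
    return hits[0] if len(hits) == 1 else None

def member_filter(user_dn):
    """Step 2: filter on the DN found in step 1, whatever OU it lives in."""
    return "(uniqueMember=%s)" % escape_filter_value(user_dn)

def group_matches(flt, members):
    """Toy server side: evaluate a single (uniqueMember=...) equality filter."""
    m = re.fullmatch(r"\(uniqueMember=((?:[^\\*()]|\\[0-9a-f]{2})*)\)", flt)
    if not m:
        raise ValueError("unsupported filter: %r" % flt)
    wanted = re.sub(r"\\([0-9a-f]{2})", lambda h: chr(int(h.group(1), 16)), m.group(1))
    return any(wanted.lower() == dn.lower() for dn in members)

def authorize(uid):
    """Accept only if the user exists and that exact DN is a group member."""
    dn = find_user_dn(uid)
    return dn is not None and group_matches(member_filter(dn), EMPLOYEES)

if __name__ == "__main__":
    for name in ("semik", "vpnsvc", "guest", "*"):
        print(name, authorize(name))
```
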