(RADIATOR) LDAP/ServerTACACSPLUS question
mark
mark at dis-europe.nl
Thu Jul 20 05:44:52 CDT 2006
Hello List,
I am still trying to create a configuration where users
(router/switch/operators) can authenticate and authorize against an LDAP
server. It works now but not too my satisfaction. All the av-pair's are
in the LDAP user-profile, it would be better if the authorization
was linked at the group level. So ,first authenticate and then get the
authorization from the associated group.
What i've picked from the list, the AuthBy section in the cfg
should look something like this :
<AuthBy LDAP2>
#get user and group
</AuthBy>
</AuthBy>
<AuthBy FILE>
# check group
.....
</AuthBy>
The thing is i want none of the info coming from a file but all
of it centralized in the LDAP-database.
I know i can login as a user and as a group ; the group login
(with no PasswordAttr) and the group gets the appropriate permissions on the switch/router
I want to know how i can have two subsequent queries of the ldap-server,
first for the user-authentication, and then for the authorization via the properties
of the LDAP-group the user belongs to.
Hope you can point me in the right direction.
Greetings Mark
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list