(RADIATOR) Reversing a PreAuthHook

Hugh Irvine hugh at open.com.au
Mon Sep 25 19:14:06 CDT 2006


Hello Peter -

You should just use an appropriate SearchFilter with the LDAP query  
you want to run, rather than an AuthAttrDef.

See section 5.36.15 in the Radiator 3.15 reference manual ("doc/ref.html").

regards

Hugh


On 25 Sep 2006, at 20:05, Peter Bates wrote:

>
> Hello all...
>
> Apologies if this is a silly question.
>
> We're using Radiator primarily to authenticate
> users against an LDAP backend (Novell eDirectory).
>
> As an easy way of denying access, we check
> for membership of a particular group:
>
> AuthAttrDef     groupMembership,group-check,check
> PreAuthHook sub { ${$_[0]}->add_attr('group-check', 'cn=RADIUS-Users,ou=BMAS,ou=SCHOOL,o=LSHTM') ;}
>
> We've just realized the error of our ways, however,
> and that we should really allow access to all, and use this group
> to include people we wish to deny instead of allow.
>
> Can I just '!' the group in the PreAuthHook, is the answer more involved,
> or am I going about things in an overly complicated way in the first place?!
>
> Thanks.
>
>
> ---------------------------------------------------------------------- 
> ----------------------------->
> Peter Bates, Systems Support Officer, IT Services.
> London School of Hygiene & Tropical Medicine.
> Telephone:0207-958 8353 / Fax: 0207- 636 9838
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

