(RADIATOR) Multiple groups from LDAP
Brent Miller
bmiller at usip.org
Mon Apr 16 19:23:56 CDT 2007
Question regarding multiple groups.
We have Radiator authenticating a Cisco ASA off of an LDAP server (OS
X OD if it makes a difference). Works wonderfully for yes/no
access. I'm starting on having Radiator push specific DACLs for
users depending on what groups they belong to. The hard part is the
groups have to be additive with thier DACLs (being in both group A
and B needs to give access to server A and B).
What's the recommended method for this? I'm figure worse case is an
<AuthBy Group> with an <AuthBy LDAP> for each access group, with an
specifc AddToReply cisco-avpair in each one, but I'm hoping there's a
cleaner way than making a ldap call for each group each time a user
tries to log in.
Brent Miller
Network Support Engineer
United States Institute of Peace
(202) 429-1970
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20070416/d37b0f5d/attachment.html>
More information about the radiator
mailing list