(RADIATOR) Multiple groups from LDAP

Brent Miller bmiller at usip.org
Mon Apr 16 19:23:56 CDT 2007


Question regarding multiple groups.

We have Radiator authenticating a Cisco ASA off of an LDAP server (OS  
X OD if it makes a difference).  Works wonderfully for yes/no  
access.  I'm starting on having Radiator push specific DACLs for  
users depending on what groups they belong to.  The hard part is the  
groups have to be additive with their DACLs (being in both group A  
and B needs to give access to server A and B).

What's the recommended method for this?  I figure worst case is an  
<AuthBy Group> with an <AuthBy LDAP> for each access group, with a  
specific AddToReply cisco-avpair in each one, but I'm hoping there's a  
cleaner way than making an LDAP call for each group each time a user  
tries to log in.



Brent Miller
Network Support Engineer
United States Institute of Peace
(202) 429-1970

