(RADIATOR) Ldap Searchfilters

Matt mnaismith at gmail.com
Tue Feb 20 21:58:21 CST 2007


Hi,

I find myself duplicating AuthBy LDAP2 clauses over and over, changing only
the SearchFilter for use in different Realm-based handlers. So we have
multiple Handlers authing against the same LDAP server but needing a
different search filter depending on the Realm used, hence needing an AuthBy
LDAP clause for every different search filter.

So we have nice neat Handlers but massive duplication of the AuthBy LDAP2
clauses simply because of the SearchFilter requirements.

It would be nice to have just one AuthBy LDAP2 clause per LDAP server but
within the handler specify the SearchFilter... I don't believe this is
possible. That being said though, this config has evolved over the years. I
thought I'd ask the question, "is there a better way?"

Thanks..

Below is a very basic example of how things work now,


<AuthBy LDAP2>

Identifier      LDAP-DIAL1
Host            192.168.1.1
AuthDN          cn=admin,ou=bla
AuthPassword    password
UsernameAttr    cn
PasswordAttr    userPassword
SearchFilter (&(cn=%{User-Name})(accountStatus=1)(Services=dialup))

</AuthBy>

<AuthBy LDAP2>

Identifier      LDAP-DSL1
Host            192.168.1.1
AuthDN          cn=admin,ou=bla
AuthPassword    password
UsernameAttr    cn
PasswordAttr    userPassword
SearchFilter (&(cn=%{User-Name})(accountStatus=1)(Services=dsl))

</AuthBy>


<Handler Realm=dialup.domain.com.au>

<AuthBy GROUP>
AuthBy LDAP-DIAL1
AuthBy LDAP-DIAL2
</AuthBy>

</Handler>

<Handler Realm=dsl.domain.com.au>

<AuthBy GROUP>
AuthBy LDAP-DSL1
AuthBy LDAP-DSL2
</AuthBy>

</Handler>

Matt.