(RADIATOR) Ldap Searchfilters
Matt
mnaismith at gmail.com
Tue Feb 20 21:58:21 CST 2007
Hi,

I find myself duplicating AuthBy LDAP2 clauses over and over, changing only
the SearchFilter for use in different Realm based handlers. So we have
multiple Handlers authing against the same LDAP server but needing a
different search filter depending on the Realm used, hence needing an AuthBy
LDAP clause for every different Search filter.

So we have nice neat Handlers but massive duplication of the AuthBy LDAP2
clauses simply because of the SearchFilter requirements.

It would be nice to have just one AuthBy LDAP2 clause per LDAP server but
within the handler specify the SearchFilter... I don't believe this is
possible. That being said though, this config has evolved over the years. I
thought I'd ask the question, "is there a better way?"

Thanks.

Below is a very basic example of how things work now:

<AuthBy LDAP2>
    Identifier LDAP-DIAL1
    Host 192.168.1.1
    AuthDN cn=admin,ou=bla
    AuthPassword password
    UsernameAttr cn
    PasswordAttr userPassword
    SearchFilter (&(cn=%{User-Name})(accountStatus=1)(Services=dialup))
</AuthBy>

<AuthBy LDAP2>
    Identifier LDAP-DSL1
    Host 192.168.1.1
    AuthDN cn=admin,ou=bla
    AuthPassword password
    UsernameAttr cn
    PasswordAttr userPassword
    SearchFilter (&(cn=%{User-Name})(accountStatus=1)(Services=dsl))
</AuthBy>

<Handler Realm=dialup.domain.com.au>
    <AuthBy GROUP>
        AuthBy LDAP-DIAL1
        AuthBy LDAP-DIAL2
    </AuthBy>
</Handler>

<Handler Realm=dsl.domain.com.au>
    <AuthBy GROUP>
        AuthBy LDAP-DSL1
        AuthBy LDAP-DSL2
    </AuthBy>
</Handler>

Matt.