(RADIATOR) LDAP Auth against Microsoft AD - limiting access by AD Group
Chris Rosan
Chris.Rosan at europcar.com.au
Tue May 8 22:49:20 CDT 2007
Hugh, this is what the relevant section looks like:
<AuthBy LDAP2>
Identifier AuthByLDAP
Host ldaphost
HoldServerConnection
Timeout 4
Port 3268
AuthDN cn=Auth Account,cn=Users,dc=my,dc=domain,dc=com,dc=au
AuthPassword authpass
BaseDN ou=Users,dc=my,dc=domain,dc=com,dc=au
ServerChecksPassword
UsernameAttr sAMAccountName
AuthAttrDef memberOf,"VPN Remote Access",check
#SearchFilter (&(memberOf=CN=VPN Remote Access,OU=Groups,DC=my,DC=domain,DC=com,DC=au))
</AuthBy>
<Handler NAS-IP-Address=192.168.0.1,Realm=my.domain.com.au>
RewriteUsername s/\@my\.domain\.com\.au//
RewriteUsername tr/./ /
AuthBy AuthByLDAP
</Handler>
Regardless of the group membership this will authenticate. I've
attempted this with a search filter also, with the same result.
Chris
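
An added example, not part of the original post and not Radiator's own code: Active Directory stores each memberOf value as the group's full DN, so a membership test has to compare against the DN form used in the commented-out SearchFilter above, and a username has to be escaped (RFC 4515) before it is placed in a filter. The function names and the directory entries are constructed for illustration.

```python
import re

# Group DN exactly as written in the post's commented-out SearchFilter.
GROUP_DN = "CN=VPN Remote Access,OU=Groups,DC=my,DC=domain,DC=com,DC=au"

def rewrite_username(name):
    """Mirror the Handler's two RewriteUsername rules: drop realm, dots to spaces."""
    name = re.sub(r"@my\.domain\.com\.au", "", name, count=1)
    return name.replace(".", " ")

def escape_filter_value(value):
    """Escape RFC 4515 special characters so user input cannot reshape the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(username, group_dn=GROUP_DN):
    """Match one user, and only when that user is a direct member of the group."""
    return "(&(sAMAccountName=%s)(memberOf=%s))" % (
        escape_filter_value(username), escape_filter_value(group_dn))

def normalise(dn):
    # Simplification (assumption): DNs here contain no escaped commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def is_member(entry, group_dn=GROUP_DN):
    """Client-side check: compare full DNs case-insensitively, never a bare CN."""
    wanted = normalise(group_dn)
    return any(normalise(dn) == wanted for dn in entry.get("memberOf", []))

# Constructed sample entries, keyed by sAMAccountName.
ENTRIES = {
    "jane doe": {"memberOf": [GROUP_DN]},
    "john roe": {"memberOf": ["CN=Staff,OU=Groups,DC=my,DC=domain,DC=com,DC=au"]},
}

if __name__ == "__main__":
    for raw in ("jane.doe@my.domain.com.au", "john.roe@my.domain.com.au"):
        user = rewrite_username(raw)
        print(user, build_filter(user), is_member(ENTRIES[user]))
```

memberOf lists direct memberships only, so a user who reaches the group through a nested group is not matched by either check.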