[RADIATOR] Store values obtained from LDAP for authorization

Heikki Vatiainen hvn at open.com.au
Mon Jul 30 02:38:20 CDT 2012


On 07/28/2012 12:55 AM, Rohan Henry wrote:

> How do I use Radiator to store values obtained from LDAP and check
> against them to authorize a user?

Hello Rohan,

See the reference manual for version 4.10, section "5.39.16 AuthAttrDef".

> LDAP attributes:
> 
> Uid: fred
> Password: mikem
> Servicestatus: ACTIVE (or INACTIVE)
> Packagename: Mega DSL (or Thunder, Voyageur 15, etc)
> 
> I was able to get the servicestatus attribute working how I want using
> the AddToRequest (see below) command.
> 
> AddToRequest SERVICESTATUS = ACTIVE
> 
> But I need a way to check against the packagename that can be a number
> of values as shown above.

You can do 'AddToRequest attr1=value1,attr2=value2,...' if you need to
return multiple attributes. This does not let you change the
attribute values dynamically, though.

For per user values, use AuthAttrDef. Something like this should do the
trick and match the above AddToRequest for the user 'fred':

AuthAttrDef Servicestatus,SERVICESTATUS,reply

To add more attributes to reply, just add more AuthAttrDef lines:
AuthAttrDef Packagename,whatever,reply

You may want to see goodies/ldap.cfg in the Radiator distribution for
more LDAP examples too.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
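
The pieces from this thread put together as one Radiator configuration fragment. This is an added example, not part of the original message or of the Radiator distribution. The host name, DNs, bind password, and the choice of Class as the reply attribute are placeholders, and the use of the AuthAttrDef "check" type for Servicestatus is an assumption about how the per-user comparison would be wired up.

```conf
# Constructed example: Host, AuthDN, AuthPassword and BaseDN are placeholders.
<Handler>
    # Stamp every incoming request with the value an account must have
    # in LDAP in order to be authorized.
    AddToRequest SERVICESTATUS=ACTIVE

    <AuthBy LDAP2>
        Host            ldap.example.com
        AuthDN          cn=radiator,dc=example,dc=com
        AuthPassword    CHANGE_ME
        BaseDN          ou=people,dc=example,dc=com

        # LDAP attribute names as listed in the question.
        UsernameAttr    Uid
        PasswordAttr    Password

        # AuthAttrDef ldapattr,radiusattr,type
        # check: the user's LDAP Servicestatus becomes a check item and
        # must match SERVICESTATUS in the request (ACTIVE, added above),
        # so an INACTIVE account is rejected.
        AuthAttrDef     Servicestatus,SERVICESTATUS,check

        # reply: the user's LDAP Packagename is copied into the reply.
        # Class is an assumed target; use the attribute your NAS expects.
        AuthAttrDef     Packagename,Class,reply
    </AuthBy>
</Handler>
```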