[RADIATOR] Different Reply Item based on LDAP (AD) Group membership
Johnson, Neil M
neil-johnson at uiowa.edu
Fri Mar 6 22:41:17 UTC 2020
What is the correct way to return a different reply attribute depending on a user’s AD membership in a group using AuthBy LDAP2?
The idea is to give some users full privileges to network equipment or limited privileges based on AD group membership.
<AuthBy LDAP2>
Identifier uiowa_ad_users
Host XXXXX.iowa.uiowa.edu
AuthDN CN=serviceid,OU=ServiceIDs,OU=User Accounts,DC=iowa,DC=uiowa,DC=edu
AuthPassword SECRET
Port 389
UseTLS
SSLVerify None
BaseDN DC=iowa,DC=uiowa,DC=edu
Scope base
SearchFilter (objectclass=*)
ServerChecksPassword
UsernameAttr sAMAccountName
</AuthBy>
Do I use multiple AuthBy LDAP2 sections with different search filters in an AuthBy GROUP, or is there something I can do with AuthAttrDef?
Multiple Google searches have been inconclusive and I’m not sure what the best solution is according to the manual.
Thanks.