[RADIATOR] Different Reply Item based on LDAP (AD) Group membership

Johnson, Neil M neil-johnson at uiowa.edu
Fri Mar 6 22:41:17 UTC 2020

What is the correct way to return a different reply attribute depending on a user’s AD member ship in group using AuthBy LDAP2 ?

The idea is to give some users full privileges to network equipment or limited privileges based on AD group membership.

<AuthBy LDAP2>
    Identifier uiowa_ad_users
    Host XXXXX.iowa.uiowa.edu
    AuthDN CN=serviceid,OU=ServiceIDs,OU=User Accounts,DC=iowa,DC=uiowa,DC=edu
    AuthPassword SECRET
    Port 389
    SSLVerify None
    BaseDN DC=iowa,DC=uiowa,DC=edu
    Scope base
    SearchFilter (objectclass=*)
    UsernameAttr sAMAccountName

Do I use multiple AuthBy LDAP2 sections with different search filters in a AuthBy GROUP, or is there something I can do with AuthAttrDef ?

Multiple Google searches have been inconclusive and I’m not sure what the best solution is according to the manual.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.open.com.au/pipermail/radiator/attachments/20200306/66fde12d/attachment.html>

More information about the radiator mailing list