Hi folks,
I'm trying to define radius default groups, based on an LDAP directory.
The group information used to determine the profile of the user should be
checked against an LDAP attribute, called "profilad".
But things are always more complicated than they seem :-))) So any help will
be highly appreciated :-)))
Here is the main LDAP organisation:

O=Myorg
 |_ OU=region
     |_ CN=User Name
         |_ cn=userid (attribute used for authentication)
         |_ ...
         |_ profilad=value (attribute that should be used for group identification)

Here is the radiusd.conf extract:

ldap {
    server = "my_ldap"
    basedn = "o=myorg"
    filter = "(&(cn=%u)(droitad=Oui))"
    start_tls = no
    dictionary_mapping = ${raddbdir}/ldap.attrmap
    groupname_attribute = profilad
    groupmembership_filter = "(&(cn=%u)(droitad=Oui)(profilad=%GroupName))"
    timeout = 30
    timelimit = 30
    net_timeout = 1
}

and the users extract:

DEFAULT Group = "Profil04", Login-Time := "Mo-Fr0815-1930"
        Framed-Compression := Stac-LZS,
        Fall-Through = yes

DEFAULT Group = "Profil01", Login-Time := "Mo-Su0815-1930"
        Framed-Compression := Stac-LZS,
        Fall-Through = yes

[...]
Regs,
Pierre.
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html