On Wed, 12 Jun 2002, Adi Linden wrote: > > No you can't. Both have to point to valid DN's in your tree. The > > profile_attribute is an attribute contained in the user entry pointing to the > > profile to be applied for the user, while User-Profile contains the profile to > > be applied in special cases instead of the default profile (I use it to > > implement Large Scale Dialout where I don't need the default reply items > > contained in the default profile). > > So the profiles are entirely in LDAP then. I wanted to stay away from > extending the LDAP schema on the LDAP server if possible and do as much as > possible in the freeradius configuration.
Well if you don't want to extend the LDAP schema then you could just use the users file to create profiles. > > From another message on the list I see that it is not possible to group > users by having an attribute such as this either: > > knetRadiusGroup: knetonly > > In "radiusd.conf" the LDAP attribute would have to associate with the > group somehow and then in "users": > > DEFAULT Group == "knetonly" > > Are there any solutions I haven't thought of yet? > > Thanks, > Adi You can create normal groups in your ldap tree. Then you can do group searches like this in your users file: DEFAULT Ldap-Group == "admins" Just set the groupname_attribute in the ldap module configuration section to whatever attribute holds the name of your group. That will be used to do a search to find the requested group like this: groupname_attribute = cn ldap_search($base_dn,(cn=admins) After that the module will use the groupmembership_filter to find if the user belongs to the group. I am planing to also implement the second way of doing group membership which is to have an attribute in the user entries pointing to the _DN_ of the group(s) the user belongs to. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
