On Wed, Jul 07, 2004 at 09:00:00PM +0200, Arthur EBEL wrote:
> Hi everybody,
>
> My freeradius operates very well with an openldap directory
>
> All ldap users stored in my basedn="ou=people,ou=personnels,dc=utt,dc=fr"
> can be authenticated.
>
> I would like to add another basedn="ou=students,ou=personnels,dc=utt,dc=fr"
> BUT I don't want to give access to all my tree dc=utt,dc=fr
>
> How can I set up the LDAP module to do this ?

AFAIK, rlm_ldap cannot work with multiple basedn's.
However, you can use OpenLDAP's own ACLs. E.g. in slapd.conf
(assuming you have identity="cn=radius,ou=robots,dc=utt,dc=fr"):

access to dn "ou=people,ou=personnels,dc=utt,dc=fr"
	...
	by dn="cn=radius,ou=robots,dc=utt,dc=fr" read

access to dn "ou=students,ou=personnels,dc=utt,dc=fr"
	...
	by dn="cn=radius,ou=robots,dc=utt,dc=fr" read

access to *
	by dn="cn=radius,ou=robots,dc=utt,dc=fr" none

(I'm not sure this is totally correct so you should test it yourself.)

Then you can safely use basedn="ou=personnels,dc=utt,dc=fr" for radius.

-- 
Fduch M. Pravking
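
The ACL ordering suggested in the reply above, as an added example that is not part of the original message or of FreeRADIUS/OpenLDAP: a simplified Python model of slapd's first-match evaluation, run over constructed sample DNs. It assumes each "access to dn" target matches its whole subtree and does not model the "..." lines elided in the post; the function names and sample entries are hypothetical.

```python
# Added example: simplified model of slapd's first-match ACL evaluation.
# Assumption: every "access to dn" target is treated as a subtree match.
RADIUS = "cn=radius,ou=robots,dc=utt,dc=fr"

# (target subtree or "*", [(who, level), ...]) in slapd.conf order.
# The "..." lines elided in the post are not modelled here.
ACLS = [
    ("ou=people,ou=personnels,dc=utt,dc=fr", [(RADIUS, "read")]),
    ("ou=students,ou=personnels,dc=utt,dc=fr", [(RADIUS, "read")]),
    ("*", [(RADIUS, "none")]),
]

def norm(dn):
    """Lower-case and trim each RDN (no support for escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def in_subtree(entry_dn, base_dn):
    entry_dn, base_dn = norm(entry_dn), norm(base_dn)
    return entry_dn == base_dn or entry_dn.endswith("," + base_dn)

def access(entry_dn, bound_dn, acls=ACLS):
    """Return the level granted by the first clause whose target matches."""
    for target, by_list in acls:
        if target != "*" and not in_subtree(entry_dn, target):
            continue
        for who, level in by_list:
            if who == "*" or norm(who) == norm(bound_dn):
                return level
        return "none"  # implicit "by * none" that ends every clause
    return "none"      # implicit final "access to * by * none"

def readable(entries, bound_dn):
    return [e for e in entries if access(e, bound_dn) == "read"]

# Constructed sample entries, not taken from a real directory.
SAMPLE = [
    "uid=alice,ou=people,ou=personnels,dc=utt,dc=fr",
    "uid=bob,ou=students,ou=personnels,dc=utt,dc=fr",
    "uid=carol,ou=staff,ou=personnels,dc=utt,dc=fr",
    "ou=personnels,dc=utt,dc=fr",
    "cn=radius,ou=robots,dc=utt,dc=fr",
]

if __name__ == "__main__":
    for dn in SAMPLE:
        print(f"{access(dn, RADIUS):5} {dn}")
```

In this model the entry ou=personnels,dc=utt,dc=fr itself falls through to the last clause and gets "none" for the radius identity, and any identity not named in a clause gets "none" from that clause's implicit ending; both are worth checking against a real slapd before relying on the wider basedn.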