Hello,

I'm looking for a way to have my huntgroups defined in LDAP similar to the way they are in SQL. For example, if a user belongs to Ldap-Group vpn, the Group in LDAP contains an attribute containing the huntgroup names which the Group gives access to.

I tried adding 'checkItem Huntgroup-Name info' to my ldap.attrmap with attribute 'info' having value: '=~ ^(vpn|sslvpn)$' (without success).

I had success with the following setup. In users:

    DEFAULT Huntgroup-Name == vpn, Ldap-Group == vpn
            Fall-Through = no

    DEFAULT Huntgroup-Name == sslvpn, Ldap-Group == sslvpn
            Fall-Through = no

    DEFAULT Auth-Type := Reject

This allows specifying which user has access to which nasgroup by adding group memberships to the user. But it breaks the users existing in SQL. I could of course also add the specific SQL-Groups into the users file, but this would still require a reorganisation of the SQL users, since they only have a Huntgroup-Name attribute for their group level which specifies multiple huntgroups by using regexp.

I'm kinda stuck in how to implement it. Any advice would be greatly appreciated.

J.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html