DEFAULT Ldap-Group == "GroupLetters", Pool-Name := letters DEFAULT Ldap-Group == "GroupNumbers", Pool-Name := numbers
Ivan Kalik Kalik Informatika ISP Dana 5/4/2008, "David Hláčik" <[EMAIL PROTECTED]> piše: >Hi, > >i will describe what i am trying to achieve. > >This is my sample ldap structure > >users (inetOrgPerson) : > > >cn=User1,ou=Users,o=Polarion >cn=User2,ou=Users,o=Polarion >cn=UserA,ou=Users,o=Polarion >cn=UserB,ou=Users,o=Polariong >groups (GroupOfNames) > >cn=GroupNumbers,ou=Groups,o=Polarion > member=cn=User1,ou=Users,o=Polarion > member=cn=User2,ou=Users,o=Polarion > > cn=GroupLetters,ou=Groups,o=Polarion > member=cn=UserA,ou=Users,o=Polarion > member=cn=UserB,ou=Users,o=Polarion > >I want to be able to assign different poll-name per group > >for GroupNumbers Pool-Name number >for GroupLetters Pool-Name letters > >How can i achieve this without adding any attribute to user entry? (users >have access to their dn, so they will be able to change it - this is what i >want to block! , i know i can set readonly access in slapd.conf, but this is >not what i want) > >1) One scenario i was thinking of is to add in radius to users file : > >DEFAULT Pool-Name == numbers, Ldap-Group >== cn=GroupNumbers,ou=Groups,o=Polarion > Fall-Through = no > >DEFAULT NAS-Port-Type == letters, Ldap-Group == >cn=GroupLetters,ou=Groups,o=Polarion > Fall-Through = no > >But what i need to add to ldap - configuration part in order to make it >work? > >Thanks very very much for help! > >Regards, > >David >On Wed, Apr 2, 2008 at 12:13 PM, Ivan Kalik <[EMAIL PROTECTED]> wrote: > >> >So if i understand clear a i need to name and configure ip pool parts in >> >radius.conf and than use this name as a Pool-Name in LDAp P? >> >> Yes. >> >> >Is there a >> >chance to specify range directly in LDAP and not in ip pool? >> > >> >> No, but there is sqlippool. Or use DHCP on your NAS. Or define IP pools >> on the NAS and select them with Framed-Pool if your NAS supports it. >> Cisco doesn't but you can set IP pool with avpairs. >> >> Ivan Kalik >> Kalik Informatika ISP >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html