On 03/01/2010 03:55 PM, Jethro Carr wrote:
hi all,
I have setup a FreeRadius server which is authenticating against an
OpenLDAP database.
It's all working very nicely and I have it setup with radius
attributes being stored inside the LDAP database for each user.
However, what would be nice, would be to have the ability to store
radius attributes against groups that the user belongs to, so that
when radius queries the user, it gets all the attributes for all the
groups that the user belongs to.
I've had a look through the rlm_ldap documentation which has some
configuration options for groups, however it seems to me that this
is for authenticating users based on which group they are in, rather
than being able to fetch attributes from the groups that the user
belongs to?
Is this understanding correct, or am I missing something?
If I understand correctly what you would like to do then check out
"profiles" in the ldap_howto.txt. A profile is a way to associate a set
of attributes (e.g. the profile) with a user.
thanks in advance for any help! :-)
FreeRadius version is 1.1.3 (RHEL 5 build) if that's important.
BTW, you can find a current 2.1.8 build for RHEL 5 by visiting
http://wiki.freeradius.org/RedHat_FAQ
--
John Dennis <jden...@redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
