Hi Stephen,
Radiator currently cannot use LDAP groups or my defintion of capabilities. It
would be relatively easy to add a directive like
RequireAttrValue usertype,radiususer
which would require that apart from a matching password and other check-items,
the user to be authenticated has an attribute "usertype" with value
"radiususer" .
This will probably start the everlasting discussion on how to implement groups
in LDAP, but I think it would be relatively easy to add 'capabilities' to users
and extend Radiator top use these. By a capability I mean the example above: an
attribute defining to which 'group' a user belongs, or what this user is
allowed or not.
I like this setup because you can change just one attribute on a user to give
hime or her more or less capabilities.
Of course, full blow group support could be done, and it probably should. It's
typical for LDAP servers to have groups.
- Joost.
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
