Thanks, Joost...that's a good idea. Only problem is that I don't have any
unused attributes in the schema, and I'm being told from our LDAP admin that
it's difficult to add them.

Do you know if Open Consultants would offer consulting for the
implementation of LDAP groups?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Joost Stegeman
Sent: Friday, February 25, 2000 12:34 PM
To: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Authenticating against groups in LDAP


Hi Stephen,

Radiator currently cannot use LDAP groups or my definition of capabilities.
It would be relatively easy to add a directive like

        RequireAttrValue        usertype,radiususer

which would require that, apart from a matching password and other
check-items, the user to be authenticated has an attribute "usertype" with
value "radiususer".

This will probably start the everlasting discussion on how to implement
groups in LDAP, but I think it would be relatively easy to add
'capabilities' to users and extend Radiator to use these. By a capability I
mean the example above: an attribute defining to which 'group' a user
belongs, or what this user is allowed or not.

I like this setup because you can change just one attribute on a user to
give him or her more or less capabilities.

Of course, full-blown group support could be done, and it probably should.
It's typical for LDAP servers to have groups.

- Joost.

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
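
The attribute requirement proposed in the thread above, shown next to a conventional group-membership lookup, as an added Python example (not Radiator code and not written by either poster). Assumptions: entries are dicts shaped like LDAP search results, values compare under a case-ignore rule, the group entry lists DNs in a `member` attribute, and all function names, users and DNs are constructed for illustration.

```python
# Added illustration, not Radiator code. Entries are constructed sample data
# shaped like LDAP search results: attribute name -> list of string values.

def parse_require(arg):
    """Split the 'attribute,value' argument of the proposed directive."""
    attr, sep, value = arg.partition(",")
    if not sep or not attr.strip() or not value.strip():
        raise ValueError("expected 'attribute,value'")
    return attr.strip().lower(), value.strip().lower()

def has_capability(entry, arg):
    """Capability check: the user's own entry must carry attribute=value.
    Attribute names are case-insensitive and may be multi-valued; value
    comparison assumes a case-ignore matching rule. Missing attribute denies."""
    attr, wanted = parse_require(arg)
    for name, values in entry.items():
        if name.lower() == attr:
            return any(v.strip().lower() == wanted for v in values)
    return False

def norm_dn(dn):
    """Simplified DN normalisation (assumption: no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def in_group(group_entry, user_dn):
    """Group check: the user's DN must be listed in a separate group entry."""
    members = group_entry.get("member", [])
    return norm_dn(user_dn) in {norm_dn(m) for m in members}

def authorize(password_ok, entry, arg):
    """The attribute requirement applies in addition to the password check."""
    return bool(password_ok) and has_capability(entry, arg)

# Constructed sample directory data
ALICE_DN = "uid=alice,ou=people,dc=example,dc=com"
ALICE = {"uid": ["alice"], "userType": ["staff", "RadiusUser"]}
BOB = {"uid": ["bob"], "userType": ["staff"]}
CAROL = {"uid": ["carol"]}  # no usertype attribute at all
DIALUP = {"cn": ["dialup"], "member": ["uid=alice, ou=People, dc=example, dc=com"]}

if __name__ == "__main__":
    for user in (ALICE, BOB, CAROL):
        print(user["uid"][0], authorize(True, user, "usertype,radiususer"))
    print("alice in group:", in_group(DIALUP, ALICE_DN))
```

The capability check reads only the user's own entry, while the group check needs a second entry and a DN comparison; both deny when the expected data is absent.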

