[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Authorize after checking an LDAP attribute value
From:       Kenneth Marshall <ktm () rice ! edu>
Date:       2007-07-27 19:50:09
Message-ID: 20070727195009.GI9744 () it ! is ! rice ! edu
[Download RAW message or body]

Dear Freeradius users:

I am trying to set up my authentication to allow only users
with a particular value of a particular LDAP attribute to login.
I am using freeradius 1.1.7 and I have the authentication
going against Kerberos but I do not know how to have the
radius server check the value of the attribute before allow
access. If they are not in the group, it should send back the
reject packet. Does anyone know how to perform a check item
check against a particular LDAP attribute? Here is how I can
set an attribute to the value and it works correctly:

DEFAULT Auth-Type = Kerberos, NAS-IP-Address == 1.2.3.4, NAS-Port == 10
	Connect-Info = "%{ldap:ldap:///dc=test,dc=com?testValue?sub?uid=%u}"

Any suggestions would be appreciated.

Regards,
Ken Marshall
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]