[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Reply-Items in Ldap-Group
From:       Giovanni Lovato <giovanni.lovato () aldu ! net>
Date:       2008-04-30 8:34:50
Message-ID: 48182F2A.5000107 () aldu ! net
[Download RAW message or body]

[Attachment #2 (multipart/signed)]


Giovanni Lovato wrote:
> Ranner, Frank MR wrote:
>>> -----Original Message-----
>>> From: 
>>> freeradius-users-bounces+frank.ranner=defence.gov.au@lists.fre
>> eradius.org [mailto:freeradius-users->
>> bounces+frank.ranner=defence.gov.au@lists.freeradius.org] On 
>>> Behalf Of Giovanni Lovato
>>> Sent: Saturday, 1 March 2008 11:23
>>> To: FreeRadius users mailing list
>>> Subject: Reply-Items in Ldap-Group
>>>
>>> I wish to assign various Reply-Items to a group defined in LDAP, and 
>>> then configuring FreeRADIUS to fetch those Reply-Items whenever a user
>>> belonging to that group authenticates. Is that possible?
>>>
>>> Thank you!
>>>
>> You can use an indirect method:
>>
>> In users you can specify:
>>
>> DEFAULT Ldap-Group == "netops",
>> User-Profile:='cn=netops,ou=profiles,dc=example'
> 
> Ok, thank you very much. Can I place that `User-Profile' attribute
> directly in the LDAP user dn? I tried but it didn't work. I wish not to
> modify `users' file, but only LDAP if possible!

I found a very simple way to do this:
1. in radiusd.conf uncomment: profile_attribute = "radiusProfileDn"
2. in LDAP entries, add `radiusProfileDn' attribute and fill it with the
DN of the entry where RADIUS Reply-Items are defined.

Bye,
Giovanni Lovato

["smime.p7s" (application/x-pkcs7-signature)]

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

[prev in list] [next in list] [prev in thread] [next in thread]