
List:       freeradius-users
Subject:    Re: read ldap groups for a user not specified in User-Name
From:       Matthew Newton <mcn4 () leicester ! ac ! uk>
Date:       2012-09-27 21:58:42
Message-ID: 20120927215842.GA31326 () rootmail ! cc ! le ! ac ! uk

Hi,

On Thu, Sep 27, 2012 at 05:47:06PM +0000, David Aldwinckle wrote:
> The problem with that is that I don't know how to get FreeRadius
> to read the groups for an arbitrary user that is not %User-Name.
> Can I copy another variable into the User-Name attribute in
> Post-Auth, and then do the group check there? 

Look at the filter option for the ldap module. You can set it to
search for anything, not necessarily just User-Name.

Use a second instantiation of the ldap module to do your locked
user checks on the main LDAP server after you've first searched
for User-Name on the guest LDAP server (and pulled back the local
user's account name - see ldap.attrmap).

Cheers,

Matthew



-- 
Matthew Newton, Ph.D. <mcn4@le.ac.uk>

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>
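
A configuration sketch of the two-instance approach described in the reply above. This is an added example, not part of the original message and not the poster's configuration. It assumes FreeRADIUS 2.x directive names, and the host names, base DNs, instance names, group name, the `Local-Account-Name` attribute and the `sponsorUid` LDAP attribute are all placeholders.

```conf
# --- raddb/dictionary -------------------------------------------------
# Local attribute (placeholder name) that carries the local user's
# account name found on the guest entry.
ATTRIBUTE	Local-Account-Name	3000	string

# --- raddb/guest.attrmap (copy of ldap.attrmap plus this line) --------
# Map the guest entry's LDAP attribute (hypothetical "sponsorUid")
# into the control list as Local-Account-Name.
checkItem	Local-Account-Name	sponsorUid

# --- raddb/modules/ldap -----------------------------------------------
# First instance: look up the guest by User-Name on the guest server.
ldap guest_ldap {
	server = "guest-ldap.example.org"
	basedn = "ou=guests,dc=example,dc=org"
	filter = "(uid=%{User-Name})"
	dictionary_mapping = ${confdir}/guest.attrmap
}

# Second instance: search the main server for the account name that
# the first instance pulled back, instead of User-Name.
ldap main_ldap {
	server = "ldap.example.org"
	basedn = "ou=people,dc=example,dc=org"
	filter = "(uid=%{control:Local-Account-Name})"
	dictionary_mapping = ${confdir}/ldap.attrmap
}

# --- raddb/sites-enabled/default --------------------------------------
authorize {
	guest_ldap
	# Only consult the main server when the guest entry named a local user.
	if (control:Local-Account-Name) {
		main_ldap
		# A named instance registers its own <instance>-Ldap-Group check.
		if (main_ldap-Ldap-Group == "locked") {
			reject
		}
	}
}
```

Run the server with `radiusd -X` and confirm in the debug output that the group lookup is performed against the main server with the DN of the local account, not the DN of the guest entry.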