[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: read ldap groups for a user not specified in User-Name
From: Matthew Newton <mcn4 () leicester ! ac ! uk>
Date: 2012-09-27 21:58:42
Message-ID: 20120927215842.GA31326 () rootmail ! cc ! le ! ac ! uk
[Download RAW message or body]
Hi,
On Thu, Sep 27, 2012 at 05:47:06PM +0000, David Aldwinckle wrote:
> The problem with that is that I don't know how to get FreeRadius
> to read the groups for an arbitrary user that is not %User-Name.
> Can I copy another variable into the User-Name attribute in
> Post-Auth, and then do the group check there?
Look at the filter option for the ldap module. You can set it to
search for anything, not necessarily just User-Name.
Use a second instantiation of the ldap module to do your locked
user checks on the main LDAP server after you've first searched
for User-Name on the guest LDAP server (and pulled back the local
user's account name - see ldap.attrmap).
Cheers,
Matthew
--
Matthew Newton, Ph.D. <mcn4@le.ac.uk>
Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic