List: freeradius-users
Subject: Re: post-auth help to simplify
From: Alan DeKok <aland () deployingradius ! com>
Date: 2021-08-30 14:23:43
Message-ID: 32F4592B-494F-4C64-A3F8-203C81BCBA83 () deployingradius ! com
On Aug 30, 2021, at 9:50 AM, Pizu <pizpower@gmail.com> wrote:
> Users have multiple groups but only 1 RSSO Group per user.

Then don't use LDAP-Group for this purpose. There are other ways of getting the same result which are more efficient.

Use the command-line "ldapsearch" tool to find an LDAP query which returns ONLY the RSSO group name for a user. In recent versions of the server, there's documentation in mods-available/ldap on how to translate the "ldapsearch" command-line options to the "ldap" module configuration.

Once you have the "ldapsearch" working, you can turn this into the FreeRADIUS configuration. Use the ldapsearch string in a dynamic expansion:

    update control {
        &Tmp-String-0 := "%{ldap:... search for RSSO group}"
    }

Now you have the name of the LDAP group in a variable.

    # Tmp-String-0 was stored in the control list, so reference that list here.
    if (&control:Tmp-String-0 != "") {
        update reply {
            &Tunnel-Type := "VLAN"
            &Tunnel-Medium-Type := "IEEE-802"
            &Tunnel-Private-Group-Id := "943"
            &Class := "%{control:Tmp-String-0}"
        }
    }

Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
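
Added example, not part of the message above or of the FreeRADIUS documentation: a small shell helper that turns the pieces of a working ldapsearch command (-b base, -s scope, filter, one attribute) into the LDAP URL form that the %{ldap:...} expansion takes. The directory layout, the RSSO* naming pattern and the helper name ldap_xlat are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. All directory names and filters below are constructed
# placeholders, not values from the thread.

# ldap_xlat BASE SCOPE FILTER ATTR
# Prints the unlang expansion equivalent to:
#   ldapsearch -b BASE -s SCOPE 'FILTER' ATTR
ldap_xlat() {
    [ "$#" -eq 4 ] || { echo "usage: ldap_xlat BASE SCOPE FILTER ATTR" >&2; return 2; }
    base=$1 scope=$2 filter=$3 attr=$4

    # ldapsearch -s and LDAP URLs share the scope keywords base, one and sub.
    case $scope in
        base|one|sub) ;;
        *) echo "unsupported scope: $scope" >&2; return 1 ;;
    esac

    # The expansion yields one attribute value, so request exactly one attribute.
    case $attr in
        ''|*,*|*' '*) echo "request exactly one attribute" >&2; return 1 ;;
    esac

    # '?' separates the fields of an LDAP URL, so it cannot appear inside one.
    case "$base$attr$filter" in
        *\?*) echo "'?' is not allowed inside a field" >&2; return 1 ;;
    esac

    # Empty host part: the query goes to the server the ldap module is configured for.
    printf '%%{ldap:ldap:///%s?%s?%s?%s}\n' "$base" "$attr" "$scope" "$filter"
}

# Constructed sample: the ldapsearch that was tested by hand ...
#   ldapsearch -b 'ou=groups,dc=example,dc=org' -s sub \
#       '(&(objectClass=posixGroup)(cn=RSSO*)(memberUid=bob))' cn
# ... becomes the expansion below, with the literal user name replaced by
# %{User-Name} so the server substitutes it per request.
ldap_xlat 'ou=groups,dc=example,dc=org' sub \
    '(&(objectClass=posixGroup)(cn=RSSO*)(memberUid=%{User-Name}))' cn
```

Keeping %{User-Name} inside the expansion, rather than pasting a literal name into the filter, lets the ldap module escape the value before it reaches the filter.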