grouping services - LDAP
Rohaizam Abu Bakar
haizam at myjaring.net
Wed Jul 20 04:12:01 CEST 2005
Hi all,
Using Freeradius 1.0.4 (FB 4.11)
I want to group between dialup & ADSL... Refer to the users file below: if Ldap-Group == ADSL is found, it should authenticate/authorize by "ldapadsl", and if not found, assume a dialup user, which should authenticate/authorize by "ldap1/ldap2" (DIALUP).
But the problem, referring to the debug log: it doesn't matter whether Ldap-Group=ADSL is found or not, it still checks both ldap1/ldap2 & ldapadsl, i.e. checking the "adslAccess & dialupAccess" attributes.
What I want is this: if Ldap-Group == ADSL is found, it should be handled by "ldapadsl" without checking "ldap1/ldap2", and the same goes when it is not found: it should be handled by "ldap1/ldap2" without checking "ldapadsl".
Can anyone help? Thanks
--haizam
##################################
users file:
DEFAULT Ldap-Group == "ADSL", Auth-Type := ADSL
DEFAULT Auth-Type := LDAP
#####################################################################
Debug:-
rlm_ldap: performing search in ou=RADIUS,ou=People,dc=jaring,dc=my, with filter (&(jaringConnectionType=ADSL)(&(uid=organza)(objectclass=radiusprofile)))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap::ldap_groupcmp: Group ADSL not found or user is not a member.
users: Matched entry DEFAULT at line 147
.
.
.
rlm_ldap: checking if remote access for organza is allowed by dialupAccess
.
..
rlm_ldap: no adslAccess attribute - access denied by default
############################
authenticate {
    Auth-Type LDAP {
        redundant {
            ldap1
            ldap2
        }
    }
    Auth-Type ADSL {
        ldapadsl
    }
}
#############################
authorize {
    redundant {
        ldap1
        ldap2
    }
    ldapadsl
}
#####################################
ldap ldap1 {
    server = "10.1.1.1"
    basedn = "ou=RADIUS,ou=People,dc=jaring,dc=my"
    access_attr = "dialupAccess"
    groupname_attribute = jaringConnectionType
    groupmembership_filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(objectclass=radiusprofile))"
}
ldap ldap2 {
    server = "10.1.1.2"
    basedn = "ou=RADIUS,ou=People,dc=jaring,dc=my"
    access_attr = "dialupAccess"
    groupname_attribute = jaringConnectionType
    groupmembership_filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(objectclass=radiusprofile))"
}
ldap adsl {
    server = "10.1.1.3"
    basedn = "ou=ADSL,ou=People,dc=jaring,dc=my"
    access_attr = "adslAccess"
    groupname_attribute = jaringConnectionType
    groupmembership_filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(objectclass=radiusprofile))"
}
############################################