overwriting ldap radiusprofile according to realms?

Markus Krause krause at biochem.mpg.de
Mon Jan 8 08:33:02 CET 2007


Hi list,

we are storing our user data in openLDAP with a radiusProfileDN
attribute, which is sent back by the freeradius server (v.1.1.3, on
SLES10) as expected. The profile contains information for the vlan of
user.
We now would like to have the possibility to let the user login in a
special vlan (the "internetcafe") and thought of doing this with
realms, which means the user has to login with "username" or
"username at ic", setting the following in the users file:

---- /etc/raddb/users
DEFAULT User-Name =~ "@ic$", User-Profile :=
"cn=InternetCafe,ou=Netconfig,o=Test"
----

This works if the users has no radiusprofileDN stored in LDAP, but if he
has such an attribute the profile data from the user is used, not the
"cn=InternetCafe".

How can I overwrite the value for radiusprofiledn if the user appends
"@ic" to this username?
Or is there a better way to achieve this (changing the profile data /  
vlan according to
login)?

Thanks in advance for any help!

Reagards
    Markus


-- 
Markus Krause                                   email: krause at biochem.mpg.de
Mogli-Soft: Support for Mac OS X, Webmail/Horde, LDAP, RADIUS
by order of the Computing Center of the Max-Planck-Institute of Biochemistry
Tel.: 089 - 89 40 85 99                         Fax.: 089 - 89 40 85 98

----------------------------------------------------------------------
      This message was sent using https://webmail2.biochem.mpg.de
If you encounter any problems please report to rz-linux at biochem.mpg.de






More information about the Freeradius-Users mailing list