Reply-Items in Ldap-Group
Giovanni Lovato
giovanni.lovato at aldu.net
Wed Apr 30 10:34:50 CEST 2008
Giovanni Lovato wrote:
> Ranner, Frank MR wrote:
>>> -----Original Message-----
>>> From:
>>> freeradius-users-bounces+frank.ranner=defence.gov.au at lists.fre
>> eradius.org [mailto:freeradius-users->
>> bounces+frank.ranner=defence.gov.au at lists.freeradius.org] On
>>> Behalf Of Giovanni Lovato
>>> Sent: Saturday, 1 March 2008 11:23
>>> To: FreeRadius users mailing list
>>> Subject: Reply-Items in Ldap-Group
>>>
>>> I wish to assign various Reply-Items to a group defined in LDAP, and
>>> then configuring FreeRADIUS to fetch those Reply-Items whenever a user
>>> belonging to that group authenticates. Is that possible?
>>>
>>> Thank you!
>>>
>> You can use an indirect method:
>>
>> In users you can specify:
>>
>> DEFAULT Ldap-Group == "netops",
>> User-Profile:='cn=netops,ou=profiles,dc=example'
>
> Ok, thank you very much. Can I place that `User-Profile' attribute
> directly in the LDAP user dn? I tried but it didn't work. I wish not to
> modify `users' file, but only LDAP if possible!
I found a very simple way to do this:
1. in radiusd.conf uncomment: profile_attribute = "radiusProfileDn"
2. in LDAP entries, add `radiusProfileDn' attribute and fill it with the
DN of the entry where RADIUS Reply-Items are defined.
Bye,
Giovanni Lovato
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3436 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080430/e3f308f2/attachment.bin>
More information about the Freeradius-Users
mailing list