Hi,
i will describe what i am trying to achieve.
This is my sample ldap structure
users (inetOrgPerson) :
cn=User1,ou=Users,o=Polarion
cn=User2,ou=Users,o=Polarion
cn=UserA,ou=Users,o=Polarion
cn=UserB,ou=Users,o=Polariong
groups (GroupOfNames)
cn=GroupNumbers,ou=Groups,o=Polarion
member=cn=User1,ou=Users,o=Polarion
member=cn=User2,ou=Users,o=Polarion
cn=GroupLetters,ou=Groups,o=Polarion
member=cn=UserA,ou=Users,o=Polarion
member=cn=UserB,ou=Users,o=Polarion
I want to be able to assign different poll-name per group
for GroupNumbers Pool-Name number
for GroupLetters Pool-Name letters
How can i achieve this without adding any attribute to user entry? (users have access to their dn, so they will be able to change it - this is what i want to block! , i know i can set readonly access in slapd.conf, but this is not what i want)
1) One scenario i was thinking of is to add in radius to users file :
DEFAULT Pool-Name == numbers, Ldap-Group == cn=GroupNumbers,ou=Groups,o=Polarion
Fall-Through = no
DEFAULT NAS-Port-Type == letters, Ldap-Group == cn=GroupLetters,ou=Groups,o=Polarion
Fall-Through = no
But what i need to add to ldap - configuration part in order to make it work?
Thanks very very much for help!
Regards,
David
On Wed, Apr 2, 2008 at 12:13 PM, Ivan Kalik <
tnt@kalik.net> wrote:
>So if i understand clear a i need to name and configure ip pool parts in
>radius.conf and than use this name as a Pool-Name in LDAp P?
Yes.
>Is there a
>chance to specify range directly in LDAP and not in ip pool?
>
No, but there is sqlippool. Or use DHCP on your NAS. Or define IP pools
on the NAS and select them with Framed-Pool if your NAS supports it.
Cisco doesn't but you can set IP pool with avpairs.
Ivan Kalik
Kalik Informatika ISP