check ldap users with different client IP's
Alan DeKok
aland at deployingradius.com
Fri May 28 19:09:31 CEST 2010
Stephon Chen wrote:
> hello all
>
> I've used freeradius as the front of a LDAP server.
>
> Here, I want to allow different access rights for each LDAP group &
> client ip address
> For example below:
>
> user X in LDAP group A, from ip IP-A
> user Y in LDAP group B, from ip IP-B
Pretty much exactly that, using "unlang".
> if the user is from IP-A and user in LDAP group A, then send
> Accept-Accept packet
>
> How do this be done with freeradius?
authorize {
...
if ((User-Name == "X") && \
(LDAP-Group == "A") && \
(Packet-Src-IP-Address == IP-A)) {
... something ...
}
elseif ((User-Name == "Y") ...
... more comparisons ...
}
else {
reject
}
...
}
More information about the Freeradius-Users
mailing list