How do I have one Freeradius server hosting multiple ldap instances and associate each SSID with particular LDAP instance to authenticate

Phil Mayers p.mayers at imperial.ac.uk
Thu Sep 23 00:50:30 CEST 2010


On 09/22/2010 09:58 PM, Ziggy Bopster wrote:
> Hello All.
>
> Please help.. Any suggestions on where I should start?  Thank you very
> much for your help!!
>

You have two options:

First, create >1 instance of the ldap module. Use conditional statements 
in the authorize section to do your ldap queries. For example:

modules/my_ldap:

ldap staff_ldap {
   ... ldap config
}

ldap other_ldap {
   ... ldap config
}

sites-available/...

authorize {
   ...
   if (...) {
     staff_ldap
   }
   elsif (...) {
     other_ldap
   }
   ...
}



The other option - if only a small amount of config varies, the ldap 
module expands some of its config. For example:

modules/ldap:

ldap {
   basedn = "ou=%{Tmp-String-0},ou=MyOrg,c=US"
   ...
}

sites-available/...

authorize {
   if (...) {
     update request {
       Tmp-String-0 = "Staff"
     }
   }
   elsif (...) {
     update request {
       Tmp-String-0 = "..."
     }
   }
}


...when the LDAP module is executed the basedn will be expanded 
dynamically and search based on what you've configured.

Most of this is documented. Have you read the docs?
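
Added example, not part of the original post: the first option above with the `if (...)` conditions written as SSID matches. It assumes the access points send Called-Station-Id as "<AP MAC>:<SSID>" (the RFC 3580 convention for 802.11), that the SSID names `Staff-WiFi` and `Student-WiFi` are hypothetical, and that `reject` is the always-module instance from the stock configuration.

```conf
# sites-available/default (added example; SSID names are hypothetical)
authorize {
    preprocess

    # 802.11 NASes following RFC 3580 send "<AP MAC>:<SSID>".
    # Anchor on ":" and "$" so an SSID such as "Staff-WiFi-Guest"
    # cannot match the staff branch by prefix.
    if (Called-Station-Id =~ /:Staff-WiFi$/) {
        staff_ldap
    }
    elsif (Called-Station-Id =~ /:Student-WiFi$/) {
        other_ldap
    }
    else {
        # Unknown or missing SSID: fail closed instead of letting the
        # request continue without a directory lookup tied to an SSID.
        reject
    }
}
```

The SSID in Called-Station-Id is reported by the NAS, so this mapping is only as trustworthy as the clients defined in clients.conf.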


