How do I have one Freeradius server hosting multiple ldap instances and associate each SSID with particular LDAP instance to authenticate

Ziggy Bopster ziggybopster at gmail.com
Thu Sep 23 16:08:02 CEST 2010


Hi Phil,

Thank you so much for responding with your recommendations. The LDAP config
varies only by server IP, base DN and password. If I use option #2, how
does FreeRADIUS know which OU to plug in when authorizing users? Does that
mean users have to enter their fully qualified login name?

Maybe Option #1 is good if I check for Calling Station ID in the "if"
statement in the authorize section?

Thank you for your patience again with my questions. I wasn't sure what to
call what I am trying to do, so couldn't find exact documentation on it. Do
you have a link where I can find out more info on how to do this? THANK YOU
SOOO MUCH.

Doreen

On Wed, Sep 22, 2010 at 3:50 PM, Phil Mayers <p.mayers at imperial.ac.uk> wrote:

> On 09/22/2010 09:58 PM, Ziggy Bopster wrote:
>
>> Hello All.
>>
>> Please help. Any suggestions on where I should start? Thank you very
>> much for your help!!
>>
>>
> You have two options:
>
> First, create >1 instance of the ldap module. Use conditional statements in
> the authorize section to do your ldap queries. For example:
>
> modules/my_ldap:
>
> ldap staff_ldap {
>  ... ldap config
> }
>
> ldap other_ldap {
>  ... ldap config
> }
>
> sites-available/...
>
> authorize {
>  ...
>  if (...) {
>    staff_ldap
>  }
>  elsif (...) {
>    other_ldap
>  }
>  ...
> }
>
>
>
> The other option - if only a small amount of config varies, the ldap module
> expands some of its config. For example:
>
> modules/ldap:
>
> ldap {
>  basedn = "ou=%{Tmp-String-0},ou=MyOrg,c=US"
>  ...
> }
>
> sites-available/...
>
> authorize {
>  if (...) {
>    update request {
>      Tmp-String-0 = "Staff"
>    }
>  }
>  elsif (...) {
>    update request {
>      Tmp-String-0 = "..."
>    }
>  }
> }
>
>
> ...when the LDAP module is executed the basedn will be expanded dynamically
> and search based on what you've configured.
>
> Most of this is documented. Have you read the docs?
>
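An added example, not part of either message above: the first option from the quoted reply with the conditions filled in so that the SSID selects the LDAP instance, written in FreeRADIUS 2.x syntax. It assumes the access points send Called-Station-Id as "<AP MAC>:<SSID>" (the format RFC 3580 recommends; check what your NAS actually sends); the SSID names, host names, DNs and password are constructed placeholders.

```conf
# modules/my_ldap -- one named instance per directory (all values are placeholders)
ldap staff_ldap {
    server   = "ldap-staff.example.org"
    identity = "cn=radius,ou=Staff,dc=example,dc=org"
    password = "CHANGE_ME_STAFF"
    basedn   = "ou=Staff,dc=example,dc=org"
    filter   = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
}

ldap other_ldap {
    server   = "ldap-other.example.org"
    identity = "cn=radius,ou=Other,dc=example,dc=org"
    password = "CHANGE_ME_OTHER"
    basedn   = "ou=Other,dc=example,dc=org"
    filter   = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
}

# sites-available/... -- choose the instance from the SSID suffix
authorize {
    preprocess

    # Anchor the match with ":" and "$" so only the exact SSID selects
    # a directory; a longer SSID that merely contains the name does not.
    if (Called-Station-Id =~ /:Staff-WiFi$/) {
        staff_ldap
    }
    elsif (Called-Station-Id =~ /:Other-WiFi$/) {
        other_ldap
    }
    else {
        # Requests from an unknown SSID are refused rather than being
        # looked up in some default directory.
        reject
    }
}
```

Because each SSID is tied to one instance with its own basedn, users keep typing a short login name; the directory that gets searched is decided by the network they joined, not by what they enter.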