LDAP usage
John Dennis
jdennis at redhat.com
Wed Dec 11 18:20:21 CET 2013
On 12/11/2013 11:20 AM, Jean Carlos Coelho wrote:
> Hi,
>
> Is there some way to configure ldap at radius to read only object
> classes and not groups? To allow or reject the access to some destination?
This question makes no sense because everything in LDAP belongs to an
object class. You can't have LDAP data that isn't in an object class.
You can change the LDAP searches to return whatever you want. Figure out
what you want, modify the search, and act upon the result using unlang.
There examples on how to do this in the archives of this list.
Hint: use the ldapsearch command line tool to figure out how to
construct your search, then paste that search into your radius config.
--
John
More information about the Freeradius-Users
mailing list