OpenLDAP Groups

Alan DeKok aland at deployingradius.com
Mon Oct 21 18:17:16 CEST 2013


Jean Carlos Coelho wrote:
> No I am trying to use (configure) something like this

  I gave you an example of how to do it.  You need to read "man unlang",
and the debug output.  Put the two together.

> Wifi lan = 10.10.10.0/24 (company vlan22 [mngmt = vlan1])
> Cable lan = 192.168.0.0/24 (company vlan23 [mngmt = vlan1])
> Net academy (all school) = 172.16.5.10 (vlan5)
> 
> If access TO mngmt switch (or WLC) is from
> 	vlan22 or vlan23 and primary ldap group for user john equals "ti"
> 		Then set admin vlan1 mngmt
> 			And access ok (wlc or switch)
> 		Else 
> 			Reject

  This can be done almost exactly as you've written it above.  You need
to read the debug output to get the attribute names and values.  Then,
write it in "unlang".

  It really is that simple.

  Alan DeKok.
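
Added example, not part of the original message and not FreeRADIUS project code: one way the quoted pseudocode could look in "unlang". It assumes the NAS reports the client's address in Calling-Station-Id, that the "ldap" module is configured for group lookups, that this virtual server handles only switch/WLC management logins, and that the device takes the VLAN from the standard tunnel attributes; check each of these against the debug output ("radiusd -X") before relying on it.

```unlang
# Assumed placement: the post-auth section of the virtual server that
# handles management logins to the switch / WLC.
post-auth {
	# Assumption: the client's source address arrives in Calling-Station-Id.
	# Replace it with whichever attribute the debug output actually shows.
	#   10.10.10.0/24  = Wifi lan  (vlan22)
	#   192.168.0.0/24 = Cable lan (vlan23)
	# LDAP-Group asks the ldap module whether the user is a member of "ti".
	if (((Calling-Station-Id =~ /^10\.10\.10\./) || \
	     (Calling-Station-Id =~ /^192\.168\.0\./)) && \
	    (LDAP-Group == "ti")) {
		# Assumption: the device reads the VLAN from these attributes.
		# "1" is the mngmt vlan from the quoted message.
		update reply {
			Tunnel-Type := VLAN
			Tunnel-Medium-Type := IEEE-802
			Tunnel-Private-Group-Id := "1"
		}
	}
	else {
		# Any other source network or group: refuse the login.
		reject
	}
}
```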


More information about the Freeradius-Users mailing list