Access-Accept / Access-Reject based on LDAP Group & SSID
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Sat Mar 21 16:08:27 CET 2015
> On 21 Mar 2015, at 10:45, Ben Humpert <ben at an3k.de> wrote:
>
> Ok, went on to 3.0.7 and will try it with that version. Looks much
> easier now. Didn't knew THAT much has changed. Really like how the
> ldap module got improved! Great job!
Thanks. It got rewritten twice from v2.x.x. Alan did the first pass
to untangle the awful spaghetti code, and I did the second pass to
make it sane.
For what you want to do, i'd recommend turning on the group name
caching, and checking the values of the group cache attribute directly
at some point after calling ldap in authorize.
You may also want to use rlm_cache to temporarily store group
memberships if your users are members of a large number of groups and
either the memberships are stored in the group objects, or the group
membership attributes in the user objects contain DNs.
-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150321/7ffe2ee0/attachment.sig>
More information about the Freeradius-Users
mailing list