How to add VAP based on LDAP group membership

Anirudh Malhotra 8zero2ops at gmail.com
Wed Jan 20 15:14:58 CET 2016


You can always use ldap xlat
http://wiki.freeradius.org/modules/rlm_ldap

BR,
Anirudh Malhotra
8zero2
Mail: 8zero2.in at gmail.com
Facebook: www.facebook.com/8zero2
Twitter: @8zero2_in
Blog: blog.8zero2.in

On 20 Jan 2016, 19:42 +0530, Thomas Stather <Thomas.Stather at mpimf-heidelberg.mpg.de> wrote:
> Hello
> 
> To be more specific, I want to achieve this:
> 
> if (Realm == "testdomain.de") {
>     if (calling-station-id ->found in ldap *) {
>         update reply {
>             Aruba-User-Vlan = "31"
>         }
>     }
>     else {
>         update reply {
>             Aruba-User-Vlan = "32"
>         }
>     }
> }
> 
> 
> * the mac-address can be found in the ou:hosts with the attribute name
> "macAddress". The format is aa:bb:cc:dd:ee:ff so the calling-station-id
> needs to be converted somehow.
> 
> What I am looking for is the unlang part of the "calling-station-id -
> found in ldap" query.
> 
> Best,
> 
> Thomas
> 
> On 14.01.2016 at 16:25, Alan DeKok wrote:
> > On Jan 14, 2016, at 10:04 AM, Thomas Stather <Thomas.Stather at mpimf-heidelberg.mpg.de> wrote:
> > > I have a RADIUS setup (eduroam) where the users are authenticated against LDAP (mod_ldap, not ntlm_auth) for our own domain. All other users are proxied to a RadSec proxy.
> > > This works fine, but now we need the possibility to replace the Aruba-User-VLAN VAP with a different VLAN ID, if some users from our domain can be found in a special LDAP group (i.e. cn=testgroup). If not, the users should get assigned the Aruba-User-VLAN VAP 31.
> > > 
> > > What do I have to change in my setup in order to make this work?
> > Write down the rules in procedural form. Then translate them to unlang.
> > 
> > if (my realm) {
> >     if (ldap group == test group) {
> >         VLAN VAP 31
> >     }
> >     else {
> >         VLAN VAP
> >     }
> > }
> > 
> > It's really that simple.
> > 
> > Alan DeKok.
> > 
> > 
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 
> --
> Thomas Stather
> IT Services
> 
> Tel: +49 6221-486 628
> Fax: +49 6221-486 561
> 
> ------------------------------------------------------------------------
> Max Planck Institute for Medical Research (MPImF)
> Jahnstrasse 29, 69120 Heidelberg
> Germany
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
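
One way to write the "calling-station-id found in ldap" test with the ldap xlat, as an added example that is not part of the original thread. It assumes FreeRADIUS 3.x unlang, an rlm_ldap instance named `ldap`, the placeholder base DN `ou=hosts,dc=example,dc=org`, and `Tmp-String-0` as scratch space; the realm, attribute name and VLAN values are the ones from the question.

```unlang
# Added example (assumed placement: post-auth of the virtual server that
# handles the local realm). Not taken from the thread.
if (&Realm == "testdomain.de") {
    # Default VLAN; overridden below only when the MAC is found in LDAP.
    update reply {
        &Aruba-User-Vlan := 32
    }

    # Calling-Station-Id comes from the NAS in varying formats
    # (AABBCCDDEEFF, aa-bb-cc-dd-ee-ff, ...). Accept exactly six hex octets
    # with at most one separator character between them, nothing else.
    if (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i) {

        # Rebuild the MAC as aa:bb:cc:dd:ee:ff, the format stored in the
        # macAddress attribute under ou=hosts.
        update control {
            &Tmp-String-0 := "%{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}"
        }

        # LDAP URL form: ldap:///<base DN>?<attribute>?<scope>?<filter>
        # The base DN is a placeholder (assumption). An empty or failed
        # expansion makes the condition false, so the default VLAN stays.
        if ("%{ldap:ldap:///ou=hosts,dc=example,dc=org?macAddress?sub?(macAddress=%{control:Tmp-String-0})}") {
            update reply {
                &Aruba-User-Vlan := 31
            }
        }
    }
}
```

Because only the twelve captured hex digits are copied into `Tmp-String-0`, nothing else from the client-supplied Calling-Station-Id reaches the LDAP filter, and a malformed value simply keeps VLAN 32.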

