<div>Thanks Ivan!,</div>
<div> </div>
<div>can i understand it like that my group structure in LDAP is okay, and there is only need to add those to users file and it will work?<br><br>D.<br><br></div>
<div class="gmail_quote">2008/4/5 Ivan Kalik <<a href="mailto:tnt@kalik.net">tnt@kalik.net</a>>:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">DEFAULT Ldap-Group == "GroupLetters", Pool-Name := letters<br><br>DEFAULT Ldap-Group == "GroupNumbers", Pool-Name := numbers<br>
<div class="Ih2E3d"><br>Ivan Kalik<br>Kalik Informatika ISP<br><br><br></div>Dana 5/4/2008, "David Hláčik" <david@hlacik.eu> piše:<br>
<div>
<div></div>
<div class="Wj3C7c"><br>>Hi,<br>><br>>i will describe what i am trying to achieve.<br>><br>>This is my sample ldap structure<br>><br>>users (inetOrgPerson) :<br>><br>><br>>cn=User1,ou=Users,o=Polarion<br>
>cn=User2,ou=Users,o=Polarion<br>>cn=UserA,ou=Users,o=Polarion<br>>cn=UserB,ou=Users,o=Polariong<br>>groups (GroupOfNames)<br>><br>>cn=GroupNumbers,ou=Groups,o=Polarion<br>> member=cn=User1,ou=Users,o=Polarion<br>
> member=cn=User2,ou=Users,o=Polarion<br>><br>> cn=GroupLetters,ou=Groups,o=Polarion<br>> member=cn=UserA,ou=Users,o=Polarion<br>> member=cn=UserB,ou=Users,o=Polarion<br>><br>>I want to be able to assign different poll-name per group<br>
><br>>for GroupNumbers Pool-Name number<br>>for GroupLetters Pool-Name letters<br>><br>>How can i achieve this without adding any attribute to user entry? (users<br>>have access to their dn, so they will be able to change it - this is what i<br>
>want to block! , i know i can set readonly access in slapd.conf, but this is<br>>not what i want)<br>><br>>1) One scenario i was thinking of is to add in radius to users file :<br>><br>>DEFAULT Pool-Name == numbers, Ldap-Group<br>
>== cn=GroupNumbers,ou=Groups,o=Polarion<br>> Fall-Through = no<br>><br>>DEFAULT NAS-Port-Type == letters, Ldap-Group ==<br>>cn=GroupLetters,ou=Groups,o=Polarion<br>> Fall-Through = no<br>><br>>But what i need to add to ldap - configuration part in order to make it<br>
>work?<br>><br>>Thanks very very much for help!<br>><br>>Regards,<br>><br>>David<br>>On Wed, Apr 2, 2008 at 12:13 PM, Ivan Kalik <<a href="mailto:tnt@kalik.net">tnt@kalik.net</a>> wrote:<br>><br>
>> >So if i understand clear a i need to name and configure ip pool parts in<br>>> >radius.conf and than use this name as a Pool-Name in LDAp P?<br>>><br>>> Yes.<br>>><br>>> >Is there a<br>
>> >chance to specify range directly in LDAP and not in ip pool?<br>>> ><br>>><br>>> No, but there is sqlippool. Or use DHCP on your NAS. Or define IP pools<br>>> on the NAS and select them with Framed-Pool if your NAS supports it.<br>
>> Cisco doesn't but you can set IP pool with avpairs.<br>>><br>>> Ivan Kalik<br>>> Kalik Informatika ISP<br>>><br>>> -<br>>> List info/subscribe/unsubscribe? See<br>>> <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
>><br>><br>><br><br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br></div></div></blockquote></div>
<br>