<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>I have configured freeradius successfully to authenticate users using IEEE802.1x && openLDAP as a back-end DB.<br><br>I have seen that we can add `ldap` to the authorize section like this:<br><br>authorize {
<br> ...
<br> ldap
<br> ...
<br>}
<br>and we can forbid some users according to openLDAP attribute <br><br>authorize {
<br> ...
<br> ldap
<br> if (reply:Eduroam-Enabled != "Y") {
<br> reject
<br> }
<br> ...
<br>}
<br><br>But what if we want to do authorization like this:<br><br>We have multiple web servers:<br><br>192.168.1.5<br>192.168.1.6<br>192.168.1.7<br><br>And we want only some users to have access to `192.168.1.5` web server, how can we forbid other users to access this web server or restrict this web servers to some users according to openLDAP attribute or openLDAP group?<br><br>Is there could be done using "authorize" section or "post-auth" section? (provide me with links please)<br><br> </div></body>
</html>