28 Aug
2015
28 Aug
'15
8:49 a.m.
On Aug 28, 2015, at 8:02 AM, Mart Pirita <mart@e-positive.ee> wrote:
But main idea is that ldap just does the authentication yes/no and that's it, nothing more.
So... LDAP is an authentication server?
Everything else (who can access and with what rights) is in the radius config only. Is this possible?
And RADIUS contains that database of user rights? You can do that, but it's a bit backwards from the normal process.
Same question, how to do it without ldap groups?
You write down what you want, then implement it in unlang. For RADIUS groups, see "man rlm_passwd". Alan DeKok.