On Tue, Feb 10, 2009 at 1:54 PM, kevin leblanc <kevinzebeste@gmail.com> wrote:
To remember : I want only user1 can access to host1.

To illustrate it:
                root
                 |   
        ------------------
        |                |   
      hosts         users   
        |                |
    --------        ----------   
    |                |        |
  host1       user1  user2
    |
    |  members:
    |
 user1
           

I find a possible way.

in radiusd.conf, I put:
groupname_attribute = "cn"
group_membership_filter = (|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))

In the users file, I put:
Ldap-Group == "XXXXX" Auth-Type:= LDAP

XXXXX will be the IP/hostname of the host which try to connect.

Is there any variable like %{LDAP-UserDN} which could give me this information ??

thanks for any help


--
KeV

I found the variable %{Client-IP-Address} which gives me host's ip.
But is there any way to get the hostname instead of the ip ?
By hostname, I mean the real hostname, not this defined in clients.conf with the attribute shortname.

Other question, I don't want to store the identity/password attributes in radiusd.conf for security reasons.
I tried with the line below in the users file, but that doesn't work :
DEFAULT Ldap-UserDN := `uid=%{User-Name},ou=people,dc=company,dc=com`
Any idea ?

Thanks


--
KeV