On Apr 2, 2008, at 5:52 PM, Alan DeKok wrote:
Sylvain Robitaille wrote:
What I'm aiming to accomplish, however, is that the FreeRADIUS server will authorize users for different services based on a slightly different LDAP query. The users are in various groups, which can be checked by supplying an LDAP query filter that checks the "memberOf" attribute; Users in group "wireless" should be permitted to use the wireless service; users in group "vpn" should be able to use the VPN service; users in both groups could use either, and users in neither group should be refused for either, etc.
You should be able to do this with multiple LDAP modules, or maybe by dynamically editing the ldap query.
... Running radiusd in debug mode shows that the ldap module is using the configuration for its un-named instance (the default one from the stock config files, with minimal configuration to permit it to lookup users in our LDAP).
You have to change the reference to "ldap" in sites-available/ default. to the instance name. e.g. "ldap_wireless".
I'm looking to do something similar. What is the proper way to call a specific LDAP module based on NAS-IP- Address (or huntgroup, probably)? I don't want anything other than files (for overriding LDAP for testing) then LDAP. Obviously, I want to stay as close to the default config as possible. :)