Hello, i’m looking for a way to have my huntgroups
defined in LDAP similar to the way they are in SQL.
For example if a user belongs to Ldap-Group vpn, the Group in
ldap contains an attribute containing the huntgroup names which the Group gives
access to.
I tried adding ‘checkItem Huntgroup-Name’ info
to my ldap.attrmap with attribute ‘info’ having value: ‘=~ ^(vpn|sslvpn)$’
(without succes)
I had success with the following setup:
In users:
DEFAULT Huntgroup-Name == vpn, Ldap-Group == vpn
Fall-Through
= no
DEFAULT Huntgroup-Name == sslvpn, Ldap-Group == sslvpn
Fall-Through
= no
DEFAULT Auth-Type := Reject
This allows to specify which user has access to which
nasgroup by adding groupmemberships to the user. But it breaks the users
existing in SQL.
I could off course also add the specific SQL-Groups into the
users file but this would still require a reorganisation of the SQL users since
they only have a Huntgroup-Name attribtue for there grouplevel which specifies
multiple huntgroups by using regexp.
I’m kinda stuck in how to implement it. Any advice
would be greatly appreciated.
J.