Hi Phil, Thank you so much for responding with your recommendations.. The Ldap config varies only by Server IP, Base DN and password.. If I use option #2, how does Free Radius know which OU to plug in when authorizing users? Does that mean users have to enter their fully qualified login name ? Maybe Option #1 is good if I check for Calling Station ID in the "if" statement in the authorize section? Thank you for your patience again with my questions.. I wasn't sure what to call what I am trying to do, so couldn't find exact documentation on it.. Do you have a link where I can find out more info on how to do this? THANK YOU SOOO MUCH. Doreen On Wed, Sep 22, 2010 at 3:50 PM, Phil Mayers <p.mayers@imperial.ac.uk>wrote:
On 09/22/2010 09:58 PM, Ziggy Bopster wrote:
Hello All.
Please help.. Any suggestions on where I should start? Thank you very much for your help!!
You have two options:
First, create >1 instance of the ldap module. Use conditional statements in the authorize section to do your ldap queries. For example:
modules/my_ldap:
ldap staff_ldap { ... ldap config }
ldap other_ldap { ... ldap config }
sites-available/...
authorize { ... if (...) { staff_ldap } elsif (...) { other_ldap } ... }
The other option - if only a small amount of config varies, the ldap module expands some of it's config. For example:
modules/ldap:
ldap { basedn = "ou=%{Tmp-String-0},ou=MyOrg,c=US" ... }
sites-available/...
authorize { if (...) { update request { Tmp-String-0 = "Staff" } } elsif (...) { update request { Tmp-String-0 = "..." } } }
...when the LDAP module is executed the basedn will be expanded dynamically and search based on what you've configured.
Most of this is documented. Have you read the docs? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html