Hi Phil,

Thank you so much for responding with your recommendations.. The Ldap config varies only by Server IP, Base DN and password.. If I use option #2, how does Free Radius know which OU to plug in when authorizing users?  Does that mean users have to enter their fully qualified login name ?

Maybe Option #1 is good if I check for Calling Station ID in the "if" statement in the authorize section? 

Thank you for your patience again with my questions.. I wasn't sure what to call what I am trying to do, so couldn't find exact documentation on it.. Do you have a link where I can find out more info on how to do this?  THANK YOU SOOO MUCH.

Doreen

On Wed, Sep 22, 2010 at 3:50 PM, Phil Mayers <p.mayers@imperial.ac.uk> wrote:
On 09/22/2010 09:58 PM, Ziggy Bopster wrote:
Hello All.

Please help.. Any suggestions on where I should start?  Thank you very
much for your help!!


You have two options:

First, create >1 instance of the ldap module. Use conditional statements in the authorize section to do your ldap queries. For example:

modules/my_ldap:

ldap staff_ldap {
 ... ldap config
}

ldap other_ldap {
 ... ldap config
}

sites-available/...

authorize {
 ...
 if (...) {
   staff_ldap
 }
 elsif (...) {
   other_ldap
 }
 ...
}



The other option - if only a small amount of config varies, the ldap module expands some of it's config. For example:

modules/ldap:

ldap {
 basedn = "ou=%{Tmp-String-0},ou=MyOrg,c=US"
 ...
}

sites-available/...

authorize {
 if (...) {
   update request {
     Tmp-String-0 = "Staff"
   }
 }
 elsif (...) {
   update request {
     Tmp-String-0 = "..."
   }
 }
}


...when the LDAP module is executed the basedn will be expanded dynamically and search based on what you've configured.

Most of this is documented. Have you read the docs?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html