Hi Phil,
Thank you so much for responding with your recommendations.. The Ldap config varies only by Server IP, Base DN and password.. If I use option #2, how does Free Radius know which OU to plug in when authorizing users? Does that mean users have to enter their fully qualified login name ?
Maybe Option #1 is good if I check for Calling Station ID in the "if" statement in the authorize section?
Thank you for your patience again with my questions.. I wasn't sure what to call what I am trying to do, so couldn't find exact documentation on it.. Do you have a link where I can find out more info on how to do this? THANK YOU SOOO MUCH.
Doreen
On 09/22/2010 09:58 PM, Ziggy Bopster wrote:You have two options:
Hello All.
Please help.. Any suggestions on where I should start? Thank you very
much for your help!!
First, create >1 instance of the ldap module. Use conditional statements in the authorize section to do your ldap queries. For example:
modules/my_ldap:
ldap staff_ldap {
... ldap config
}
ldap other_ldap {
... ldap config
}
sites-available/...
authorize {
...
if (...) {
staff_ldap
}
elsif (...) {
other_ldap
}
...
}
The other option - if only a small amount of config varies, the ldap module expands some of it's config. For example:
modules/ldap:
ldap {
basedn = "ou=%{Tmp-String-0},ou=MyOrg,c=US"
...
}
sites-available/...
authorize {
if (...) {
update request {
Tmp-String-0 = "Staff"
}
}
elsif (...) {
update request {
Tmp-String-0 = "..."
}
}
}
...when the LDAP module is executed the basedn will be expanded dynamically and search based on what you've configured.
Most of this is documented. Have you read the docs?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html