Authorization
Dusty Doris
freeradius at mail.doris.cc
Tue Dec 20 03:31:37 CET 2005
>
> Thanks for your fine input and the reminder on the index (I completely
> forgot about that). I'll give the ldap module filter a go with the
> attr_rewrite. I like keeping attributes with the user object, rather
> than spreading usernames around to various other objects. With this
> implementation, to me, the extra benefit is that I can just add a
> radiusGroupName attribute = X to each user object.
You can also use the ldap-group variable that I showed you before on the
user level by defining the groupmembership_attribute. By default its
radiusGroupname, so that should already work for you. So either way
should work for you, personally, I like having it in the filter as your
example showed. I am doing that now in a little different way. I'll
write it up someday.
> BTW, on the attr_rewrite, can I use more advanced regex than just
> ................: ? It works and always will work, but it would be
> more clear in the config file if I could say
> "([A-F0-9]{2})-([A-F0-9]{2})-([A-F0-9]{2})-([A-F0-9]{2})-([A-F0-9]{2})-([A-F0-9]{2}):"
> or something to that effect... I couldn't get ANY regex to work
> except the . Does that seem right?
>
> Stefan
Unfortunately, I don't know too much about attr_rewrite, but I'm sure some
others on this list could help with that one. It looks about right to me.
More information about the Freeradius-Users
mailing list