Authorization

Dusty Doris freeradius at mail.doris.cc
Tue Dec 20 03:31:37 CET 2005


>
> Thanks for your fine input and the reminder on the index (I completely
> forgot about that).  I'll give the ldap module filter a go with the
> attr_rewrite.  I like keeping attributes with the user object, rather
> than spreading usernames around to various other objects.  With this
> implementation, to me, the extra benefit is that I can just add a
> radiusGroupName attribute = X to each user object.

You can also use the ldap-group variable that I showed you before on the 
user level by defining the groupmembership_attribute.  By default its 
radiusGroupname, so that should already work for you.  So either way 
should work for you, personally, I like having it in the filter as your 
example showed.  I am doing that now in a little different way.  I'll 
write it up someday.

> BTW, on the attr_rewrite, can I use more advanced regex than just
> ................: ?  It works and always will work, but it would be
> more clear in the config file if I could say
> "([A-F0-9]{2})-([A-F0-9]{2})-([A-F0-9]{2})-([A-F0-9]{2})-([A-F0-9]{2})-([A-F0-9]{2}):"
> or something to that effect...  I couldn't get ANY regex to work
> except the .  Does that seem right?
>
> Stefan

Unfortunately, I don't know too much about attr_rewrite, but I'm sure some 
others on this list could help with that one.  It looks about right to me.




More information about the Freeradius-Users mailing list