attribute checking with AD
Stefan Winter
freeradius-users-ml at stefan-winter.de
Wed Jul 20 16:19:04 CEST 2005
Hello,
after having almost successfully set up the authorize {} and authenticate {}
sections to do AD clear-text logins, only a small problem remains:
We want to allow access for only a subset of the AD users. These users are
distinguished from the others by the following criterion (you don't want to
know why):
if the AD attribute "Department" begins with the character "7", the user is
allowed access, otherwise not.
So far I mapped "Department" as a checkItem to one of our Vendor-Specific
attributes in ldap.attrmap and _wanted_ to do regexp matching in the users
file for that Vendor-Specific attribute after authorize->ldap passed through.
DEFAULT Our-Vendor-Specific-Thing =~ [^7].*, Auth-Type := Reject
This doesn't work (sorry, no debug output available, not my machine). Now I
wonder: is there another possibility to do regexp matching against items that
are retrieved from AD or LDAP? Unfortunately just checking the attributes
delivered by the NAS is not enough.
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur de recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: stefan.winter at restena.lu tél.: +352 424409-1
http://www.restena.lu fax: +352 422473
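
An added example, not part of the original post and not FreeRADIUS code: it runs the posted pattern and an anchored alternative against constructed Department values, assuming `=~` performs an unanchored POSIX extended-regex search. The function names and the fail-closed handling of an absent attribute are assumptions made for illustration.

```c
#include <regex.h>
#include <stddef.h>
#include <stdio.h>

/* Unanchored POSIX ERE search: 1 = match, 0 = no match, -1 = bad pattern. */
static int re_search(const char *pattern, const char *value)
{
    regex_t re;
    int rc;

    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
        return -1;
    rc = regexec(&re, value, 0, NULL, 0);
    regfree(&re);
    return rc == 0;
}

/* Reject rule with the posted pattern. An absent attribute (NULL) cannot
 * match, so the rule does not fire (assumption about the comparison). */
int reject_as_posted(const char *department)
{
    return department != NULL && re_search("[^7].*", department) == 1;
}

/* Fail-closed allow rule: access only if the attribute is present and its
 * first character is '7'. Absent, empty or padded values are denied. */
int allow_anchored(const char *department)
{
    return department != NULL && re_search("^7", department) == 1;
}

int main(void)
{
    /* Constructed sample values; NULL stands for "attribute not returned". */
    const char *samples[] = { "7", "7410", "3107", "", " 7410", NULL };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *d = samples[i];
        printf("%-9s reject_as_posted=%d allow_anchored=%d\n",
               d ? (*d ? d : "(empty)") : "(absent)",
               reject_as_posted(d), allow_anchored(d));
    }
    return 0;
}
```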