clash between group LDAP

Rohaizam Abu Bakar haizam at myjaring.net
Thu Jul 21 09:33:51 CEST 2005


Dear all,

 I have the LDAP tree structure shown below, which separates ADSL and
DIALUP users, but I have run into a problem: when userA = userB (the same
user name exists in both branches), the LDAP lookup finds userA's account
even though it is userB who is actually logging in. This may be due to the
order of the DEFAULT entries in the users file.

 Any ideas on how to solve this? Thanks.


                                ou=AAA
                                     |
                                     |
                    ----------------------------------
                    |                                                 |
                 ou=ADSL                            ou=DIALUP

 dn: uid=userA,ou=ADSL,ou=AAA ...          dn: 
uid=userB,ou=DIALUP,ou=AAA....
 serviceflag: ADSL                                       serviceflag: DIALUP


 Users:
====

  # Two catch-all entries, one per service. Each check line tests group
  # membership through a different rlm_ldap instance (ldapadsl / ldapdialup)
  # and, on a match, sets Autz-Type and Auth-Type to that service.
  # No Fall-Through is set, so the first DEFAULT that matches decides;
  # the ADSL entry is listed first.
  # NOTE(review): nothing in either check line ties the match to the service
  # the request actually arrived on, only to the LDAP entry found for the user
  # name. If the same uid exists under both ou=ADSL and ou=DIALUP, the ADSL
  # entry presumably matches first, and a dial-up login is then authorized and
  # authenticated against the other subscriber's entry. A request attribute
  # that distinguishes the services (e.g. NAS-Port-Type or a huntgroup) would
  # need to be part of the check -- confirm against the NAS setup.
  DEFAULT         ldapadsl-Ldap-Group == "ADSL", Autz-Type := ADSL, 
Auth-Type := ADSL
  DEFAULT         ldapdialup-Ldap-Group == "DIALUP", Autz-Type := DIALUP, 
Auth-Type := DIALUP


 radiusd.conf
========
         # rlm_ldap instance for ADSL subscribers: searches only the ou=ADSL subtree.
         ldap ldapadsl {
                 basedn = "ou=ADSL,ou=AAA,ou=People,dc=jaring,dc=my"
                 # Attribute matched against the group name in Ldap-Group checks.
                 groupname_attribute = serviceflag

         }
         # rlm_ldap instance for dial-up subscribers: same settings, ou=DIALUP subtree.
         # Each instance searches only its own subtree, so nothing here prevents
         # the same uid from existing under both ou=ADSL and ou=DIALUP.
         # NOTE(review): the closing brace of this instance is not shown in the
         # post; server, filter and bind settings are not shown either.
         ldap ldapdialup {
                 basedn = "ou=DIALUP,ou=AAA,ou=People,dc=jaring,dc=my"
                 groupname_attribute = serviceflag


 # Authorization: one Autz-Type subsection per service, each calling the
 # matching rlm_ldap instance. Which subsection runs depends on the Autz-Type
 # value assigned by the DEFAULT entries in the users file.
 # NOTE(review): the module that reads the users file is not listed in this
 # section; presumably it was omitted from the post -- confirm.
 authorize {

         Autz-Type ADSL {
                 ldapadsl
         }
         Autz-Type DIALUP {
                 ldapdialup
         }

 }

 # Authentication: the Auth-Type value set by the users-file DEFAULT entries
 # selects which rlm_ldap instance verifies the credentials.
 # NOTE(review): if Auth-Type was chosen for the wrong service, the credential
 # check runs against that service's subtree, i.e. possibly against a
 # different subscriber with the same uid -- confirm how duplicate uids
 # across ou=ADSL and ou=DIALUP are meant to be handled.
 authenticate {

         Auth-Type ADSL {
                 ldapadsl
         }
         Auth-Type DIALUP {
                 ldapdialup
         }

 }





