need a little help with ldap groupings
Mark Jayson R. Alvarez
jayson at asti.dost.gov.ph
Wed May 3 10:38:44 CEST 2006
Hi,
I have grouped my users in ldap using "groupofNames" objectclass.
now one group of users which I only want to allow to authenticate to the
radius server has a dn of:
dn: cn=radiususers,ou=groups,o=example,dc=com
It has "member" attributes such as:
member: uid=user2,ou=people,o=example,dc=com
member: uid=user3,ou=people,o=example,dc=com
member: uid=user4,ou=people,o=example,dc=com
member: uid=user5,ou=people,o=example,dc=com
In my radiusd.conf I have these lines:
groupname_attribute = cn
groupmembership_filter = "(|(&(objectClass=GroupOfNames)
(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)
(uniquemember=%{Ldap-UserDn})))"
However, I'm not sure where to specify that only the member of the
group "radiususer" is allowed to authenticate...
Although I can simply add an dialupAccess attribute to each user I only want
to allow, It is difficult because I have so many users... If only there's a
way to just tell radius to only allow the member of this group....
Please help..
thanks.
More information about the Freeradius-Users
mailing list