Huntgroupname checkitem in LDAP
Jonathan De Graeve
Jonathan.De.Graeve at imelda.be
Mon Oct 16 17:18:07 CEST 2006
Hello, i'm looking for a way to have my huntgroups defined in LDAP
similar to the way they are in SQL.
For example if a user belongs to Ldap-Group vpn, the Group in ldap
contains an attribute containing the huntgroup names which the Group
gives access to.
I tried adding 'checkItem Huntgroup-Name' info to my ldap.attrmap with
attribute 'info' having value: '=~ ^(vpn|sslvpn)$' (without succes)
I had success with the following setup:
In users:
DEFAULT Huntgroup-Name == vpn, Ldap-Group == vpn
Fall-Through = no
DEFAULT Huntgroup-Name == sslvpn, Ldap-Group == sslvpn
Fall-Through = no
DEFAULT Auth-Type := Reject
This allows to specify which user has access to which nasgroup by adding
groupmemberships to the user. But it breaks the users existing in SQL.
I could off course also add the specific SQL-Groups into the users file
but this would still require a reorganisation of the SQL users since
they only have a Huntgroup-Name attribtue for there grouplevel which
specifies multiple huntgroups by using regexp.
I'm kinda stuck in how to implement it. Any advice would be greatly
appreciated.
J.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20061016/e2111923/attachment.html>
More information about the Freeradius-Users
mailing list