using different LDAP queries to authorize for different services
Alan DeKok
aland at deployingradius.com
Thu Apr 3 07:59:40 CEST 2008
Chris wrote:
> What is the proper way to call a specific LDAP module based on
> NAS-IP-Address (or huntgroup, probably)?
authorize {
...
if (NAS-IP-Address == 1.2.3.4) {
ldap_1
}
elsif (NAS-IP-Address == 3.4.5.6) {
ldap_2
}
...
}
Or, use "switch". See "man unlang".
> I don't want anything other than files (for overriding LDAP for testing)
> then LDAP.
Don't use the "users" file for things like this. It doesn't know
about modules, or module order. The "unlang" parser does know.
> Obviously, I want to stay as close to the default config as possible. :)
As always, a good idea.
Alan DeKok.
More information about the Freeradius-Users
mailing list