Framed IP address

David Hláčik david at hlacik.eu
Sat Apr 5 16:38:02 CEST 2008


Hi,

I will describe what I am trying to achieve.

This is my sample LDAP structure:

users (inetOrgPerson):

cn=User1,ou=Users,o=Polarion
cn=User2,ou=Users,o=Polarion
cn=UserA,ou=Users,o=Polarion
cn=UserB,ou=Users,o=Polarion

groups (GroupOfNames):

cn=GroupNumbers,ou=Groups,o=Polarion
      member=cn=User1,ou=Users,o=Polarion
      member=cn=User2,ou=Users,o=Polarion

cn=GroupLetters,ou=Groups,o=Polarion
      member=cn=UserA,ou=Users,o=Polarion
      member=cn=UserB,ou=Users,o=Polarion

I want to be able to assign a different Pool-Name per group:

for GroupNumbers Pool-Name number
for GroupLetters Pool-Name letters

How can I achieve this without adding any attribute to the user entry? (Users
have access to their DN, so they will be able to change it - this is what I
want to block! I know I can set read-only access in slapd.conf, but this is
not what I want.)

1) One scenario I was thinking of is to add this to the users file in RADIUS:

DEFAULT Pool-Name == numbers, Ldap-Group == cn=GroupNumbers,ou=Groups,o=Polarion
  Fall-Through = no

DEFAULT NAS-Port-Type == letters, Ldap-Group == cn=GroupLetters,ou=Groups,o=Polarion
  Fall-Through = no

But what do I need to add to the LDAP configuration part in order to make it
work?

Thanks very very much for help!

Regards,

David

On Wed, Apr 2, 2008 at 12:13 PM, Ivan Kalik <tnt at kalik.net> wrote:

> >So if I understand clearly, I need to name and configure IP pool parts in
> >radius.conf and then use this name as a Pool-Name in LDAP?
>
> Yes.
>
> >Is there a
> >chance to specify range directly in LDAP and not in ip pool?
> >
>
> No, but there is sqlippool. Or use DHCP on your NAS. Or define IP pools
> on the NAS and select them with Framed-Pool if your NAS supports it.
> Cisco doesn't but you can set IP pool with avpairs.
>
> Ivan Kalik
> Kalik Informatika ISP