Dynamic Vlan Allocation based on LDAP Attribute Value
tnt at kalik.net
tnt at kalik.net
Mon Feb 16 23:50:17 CET 2009
>Am I correct in saying that the LDAP-attribute that is mapped to
>Tunnel-Private-Group-ID would need to be set to the value of the the
>VLAN I require? The LDAP-attribute that I wish to use curently
>contains values like "ITISCP" and "ENISCP". I want to say if
>attribute value == ITISCP set vlan to 226 (ie Tunnel-Private-Group-ID
>= 226). Using ldap.attrmap mappings I would need to store the
>required vlan in a LDAP attribute. (I can't change the LDAP only read
>it).
>
No. You can define your own attribute (let's say VLAN-Flag) in
raddb/dictionary and use unlang in authorize section to test and set
tunnel attributes.
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list