RADIUS reading LDAP attributes
Sigurd Foshaug
foshaug at gmail.com
Thu Aug 26 09:28:13 CEST 2010
Hi all,
I have a freeradius 2.1.3 running and I can successfully authenticate users.
I would like to use a user's LDAP attribute so I can provide them with
different permissions on the proxy server.
I have currently mapped a RADIUS attribute to the LDAP attribute and it
successfully reads the attribute when a user is authenticating.
From radiusd -X:
rlm_ldap: description -> My-Local-LDAP-Comment = "STAFF"
So the user in question has STAFF as a comment in his ldap description
attribute.
I have added the My-Local-LDAP-Comment into the raddb/dictionary file like
this:
ATTRIBUTE My-Local-LDAP-Comment 3000 string
and in the raddb/ldap.attrmap I have added:
replyItem My-Local-LDAP-Comment description
Now, what I am failing to understand is how I can get the proxy server to
receive the My-Local-LDAP-Comment attribute from RADIUS,
so I can make rules depending on its contents?
Any suggestions on what to do, or which documentation to read would be
appreciated.
Thanks,
Sigurd