Personalizing ldap filters from users file
Angel L. Mateo
amateo at um.es
Mon Nov 19 10:48:30 CET 2012
Hello,
I have freeradius (2.2.0) using ldap as backend for user information.
This radius server is used by different applications to authenticate and
authorize users. I want now to use different ldap filters for different
applications.
In LDAP I'm using the SCHAC schema, and schacUserStatus is a multivalued
attribute (in URN format) indicating the services that the user has enabled
or disabled, in this way:
    dn: uid=user,<basedn>
    uid: user
    schacUserStatus: <urn prefix>:dovecot:enabled
    schacUserStatus: <urn prefix>:eduroam:enabled
    schacUserStatus: <urn prefix>:vpn:disabled
    ...
What I want is to define ldap filter as:
    ldap {
        ...
        filter = "(&(mail=%{User-Name})(schacUserStatus=<urn prefix>:%{X-Atica-Service}:enabled))"
        ...
    }
where "X-Atica-Service" is a private attribute (of type string) I have
defined in the dictionary, and this attribute is defined in the users file
for each one with something like:
    DEFAULT X-Actica-Service = 'vpn', Auth-Type = LDAP, Realm == um.es
            User-Name := `%{User-Name}`,
            Fall-Through = No
But this does not work.
As I have a virtual server for each service radius is authenticating, I
don't mind defining this attribute in the virtual server configuration. What
I want to avoid is defining different ldap modules differing just in the
filter.
Any idea?
--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868889150
Fax: 868888337
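
The filter described in the message above, worked through as an added example that is not part of the original post and is not FreeRADIUS code: it expands the two placeholders with RFC 4515 escaping and evaluates the result against an entry like the one shown. The URN prefix, the mail value, the helper names and the treatment of an unset attribute as an empty string are assumptions of this sketch.

```python
import re

# Constructed stand-ins: the post elides the real prefix as "<urn prefix>".
URN_PREFIX = "urn:example:userStatus"
FILTER_TEMPLATE = ("(&(mail=%{User-Name})(schacUserStatus=" + URN_PREFIX
                   + ":%{X-Atica-Service}:enabled))")

# Constructed entry mirroring the one in the post (mail value is assumed).
ENTRY = {
    "uid": ["user"],
    "mail": ["user@um.es"],
    "schacUserStatus": [URN_PREFIX + ":dovecot:enabled",
                        URN_PREFIX + ":eduroam:enabled",
                        URN_PREFIX + ":vpn:disabled"],
}

def ldap_escape(value):
    """Hex-escape the RFC 4515 special characters \\ * ( ) and NUL."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand(template, attrs):
    """Substitute %{Name} with its escaped value; unset names become ''
    (an assumption of this sketch, not behaviour taken from the post)."""
    return re.sub(r"%\{([^}]+)\}",
                  lambda m: ldap_escape(attrs.get(m.group(1), "")), template)

def unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def matches(filter_str, entry):
    """Evaluate a flat (&(attr=value)...) filter against one entry.
    Only AND of equality/substring clauses is supported; matching is
    case-sensitive, which is a simplification."""
    clauses = re.findall(r"\(([A-Za-z][\w-]*)=([^()]*)\)", filter_str)

    def clause_ok(attr, pattern):
        # An unescaped '*' is a wildcard; an escaped \2a is a literal asterisk.
        parts = [re.escape(unescape(p)) for p in pattern.split("*")]
        rx = re.compile(".*".join(parts) + r"\Z", re.S)
        return any(rx.match(v) for v in entry.get(attr, []))

    return bool(clauses) and all(clause_ok(a, p) for a, p in clauses)

def allowed(user_name, service):
    """True when the expanded filter selects ENTRY for this service."""
    attrs = {"User-Name": user_name}
    if service is not None:
        attrs["X-Atica-Service"] = service
    return matches(expand(FILTER_TEMPLATE, attrs), ENTRY)
```

With this entry, `allowed("user@um.es", "eduroam")` is true and `allowed("user@um.es", "vpn")` is false; passing `None` as the service leaves the placeholder empty, so the filter asks for `<prefix>::enabled` and matches nothing.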