authorization based on ldap attribute
Stefano Zanmarchi
zanmarchi at gmail.com
Wed Sep 19 18:03:11 CEST 2012
Hallo,
I've configured freeradius to authenticate users with PEAP, using
openldap to store NTLM hashes. It works fine.
Now I'd like to authorize only people who have the ldap attribute
"haDirittoEduroam" set to Y
(or the other way round: not to authorize users with
"haDirittoEduroam" set to N).
Below an example openldap entry.
Is there an easy way to achive this?
dn: uid=uto.ughi at myorg.it,dc=myorg,dc=it
objectClass: sambaSamAccount
objectClass: inetOrgPerson
objectClass: person
objectClass: dirittoEduroam
cn: Uto
sn: Ughi
uid: uto.ughi at myorg.it
haDirittoEduroam: N
sambaSID: 121212
userPassword: {SSHA}EnK9jqiVGSPNi6EQwpqdpjThBJHtZ1fi
sambaNTPassword: 2B466E3D3FB6AA4BF8AAAFEF8F59F6F3
sambaLMPassword: E52CAC67419A9A224300941ECC02054C
thanks a lot for your help,
Stefano
More information about the Freeradius-Users
mailing list