Authorization according to openLDAP group or attribute?

Alan DeKok aland at
Sun Aug 3 22:05:16 CEST 2014

Mark jensen wrote:
> And we want only some users to have access to `` web server,
> how can we forbid other users to access this web server or restrict this
> web servers to some users according to openLDAP attribute or openLDAP group?

  The first thing is to run the server in debugging mode.  What makes
the requests from that web server different from the requests from other
web servers?

  Then, write policies to check for those differences, and reject users.

  This is usually something like:

	if ((web server &&
	    (LDAP-Group != "allowed_for_192.168.1.5)) {

  And no, you don't put that EXACT text into the "authorize" section.
You've got to fill in the blanks.

> Is there could be done using "authorize" section or "post-auth" section?
> (provide me with links please)

  We don't provide documentation on how to solve your exact problem.
There are 10 different questions a day, 365 days a year.

  Alan DeKok.

More information about the Freeradius-Users mailing list