[LDAP] User-Profile assigned only if set in user attr radiusProfileDn

Zeus Panchenko zeus at ibs.dn.ua
Sun Aug 16 19:31:28 CEST 2015


Alan DeKok <aland at deployingradius.com> wrote:
> > assigned. If not true, the specified User-Profile is not assigned.
> 
>   That's done when the "ldap" module is run in the "authorize" stage.
>   It is NOT done when you manually tell the server to do an LDAP-Group
>   check.

where are the conditions for that check should then be defined?

I hoped to set:

radiusCheckItem='Called-Station-SSID == ABC'
radiusReplyItem='User-Profile=cn=userprofile1,ou=profiles,ou=RADIUS,dc=xyz'

in user's LDAP object, but it doesn't work ... and if I understood your
some previous answer, it is not supposed to work this way (at least now)

please, help me to understand what I miss ... it looks as simple and not
so rare condition ... "to assign LDAP based profile to the user who
belongs to LDAP based group" 

if it is impossible to do via only-LDAP configuration, than how to do it
correct way?

-- 
Zeus V. Panchenko				jid:zeus at im.ibs.dn.ua
IT Dpt., I.B.S. LLC					  GMT+2 (EET)


More information about the Freeradius-Users mailing list