Ldap check attribute
Khapare Joshi
khapare77 at gmail.com
Tue Mar 24 13:10:00 CET 2015
I have an ldapserver which has an objectClass = eduPerson.
In eduPersonPrimaryAffiliation we have staff and student.

I did the ldapsearch from the radius server command line as:

ldapsearch -h ldapserver -b "dc=EXAMPLE,dc=COM" -x -s sub uid=tom eduPersonPrimaryAffiliation

# extended LDIF
#
# LDAPv3
# base <dc=EXAMPLE,dc=COM> with scope subtree
# filter: uid=tom
# requesting: eduPersonPrimaryAffiliation
#
# tom, People, example.com
dn: uid=tom,ou=People,dc=example,dc=com
eduPersonPrimaryAffiliation: staff
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
[tom at radiusserver ~]#

What I am trying to do is:
if a person's (user's) eduPersonPrimaryAffiliation=staff, he/she can have 5
simultaneous connections, else 1 simultaneous connection.

I have configured ldap in /etc/raddb/modules/ldap, so the ldap bind is okay:

[ldap] performing user authorization for tom
[ldap] expand: %{Stripped-User-Name} -> tom
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=tom)
[ldap] expand: dc=EXAMPLE,dc=CIN -> dc=EXAMPLE,dc=COM
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to ldapserver:389, authentication 0
[ldap] bind as cn=tom,ou=People,dc=EXAMPLE,dc=COM/KEYBOARD to ldapserver:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] performing search in dc=EXAMPLE,dc=COM, with filter (uid=tom)
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap] ldap_release_conn: Release Id: 0
++[ldap] = ok

Where do I add the ldap check for eduPersonPrimaryAffiliation: staff/student,
or what is the right way of doing it?

K
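
One way to express the policy asked about above in FreeRADIUS 2.x unlang, as an added example that is not part of the original post or of FreeRADIUS's shipped configuration. It assumes the ldap module instance is named `ldap`, reuses the base DN and uid filter shown in the debug output, and assumes `radutmp` as the session backend.

```unlang
# Added example: fragment for the virtual server in use
# (e.g. /etc/raddb/sites-enabled/default). Only the relevant parts are shown.

authorize {
	# ... existing modules (preprocess, suffix, ...) ...
	ldap

	# Look up the affiliation with the ldap module's xlat, which takes an
	# LDAP URL: ldap:///<base>?<attribute>?<scope>?<filter>
	# Base DN and filter are the ones from the debug log above.
	if ("%{ldap:ldap:///dc=EXAMPLE,dc=COM?eduPersonPrimaryAffiliation?sub?uid=%{%{Stripped-User-Name}:-%{User-Name}}}" == "staff") {
		update control {
			Simultaneous-Use := 5
		}
	}
	else {
		# Students, any other affiliation, a missing attribute or a failed
		# lookup (empty expansion) all get the lower limit.
		update control {
			Simultaneous-Use := 1
		}
	}
}

accounting {
	# Session records must be written for the limit to be countable.
	# Assumption: radutmp is the backend; sql is the usual alternative.
	radutmp
}

session {
	# Simultaneous-Use is checked against the same backend here.
	radutmp
}
```

Simultaneous-Use counts sessions from accounting data, so the NAS must send accounting Start/Stop packets for the limit to be enforced. The string comparison is exact, so the value in the directory has to match `staff` as written.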