Ldap check attribute

Khapare Joshi khapare77 at gmail.com
Wed Mar 25 12:17:11 CET 2015


Can anyone help me with this, or guide me on how to do this?

On Tue, Mar 24, 2015 at 12:10 PM, Khapare Joshi <khapare77 at gmail.com> wrote:

> I have an LDAP server which has an objectClass = eduPerson.
>
> In eduPersonPrimaryAffiliation we have staff and student.
>
> I did the ldapsearch from the radius server command line as:
>
> ldapsearch -h ldapserver -b "dc=EXAMPLE,dc=COM" -x -s sub uid=tom eduPersonPrimaryAffiliation
>
> # extended LDIF
> #
> # LDAPv3
> # base <dc=EXAMPLE,dc=COM> with scope subtree
> # filter: uid=tom
> # requesting: eduPersonPrimaryAffiliation
> #
>
> # tom, People, example.com
> dn: uid=tom,ou=People,dc=example,dc=com
> eduPersonPrimaryAffiliation: staff
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
> [tom at radiusserver ~]#
>
>
> What I am trying to do is:
>
> If a person's (user's) eduPersonPrimaryAffiliation=staff, he/she can have 5
> simultaneous connections, else 1 simultaneous connection.
>
>
> I have configured ldap in /etc/raddb/modules/ldap so ldap bind is okay
>
> [ldap] performing user authorization for tom
> [ldap] expand: %{Stripped-User-Name} -> tom
> [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=tom)
> [ldap] expand: dc=EXAMPLE,dc=CIN -> dc=EXAMPLE,dc=COM
>   [ldap] ldap_get_conn: Checking Id: 0
>   [ldap] ldap_get_conn: Got Id: 0
>   [ldap] attempting LDAP reconnection
>   [ldap] (re)connect to ldapserver:389, authentication 0
>   [ldap] bind as cn=tom,ou=People,dc=EXAMPLE,dc=COM/KEYBOARD to
> ldapserver:389
>   [ldap] waiting for bind result ...
>   [ldap] Bind was successful
>   [ldap] performing search in dc=EXAMPLE,dc=COM, with filter (uid=tom)
> [ldap] looking for check items in directory...
> [ldap] looking for reply items in directory...
> WARNING: No "known good" password was found in LDAP.  Are you sure that
> the user is configured correctly?
>   [ldap] ldap_release_conn: Release Id: 0
> ++[ldap] = ok
>
>
> Where do I add the ldap check for eduPersonPrimaryAffiliation:
> staff/student, or what is the right way of doing this?
>
> K
>
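
One way to express the staff/student limit described in the message above, as an added example that is not part of the original post or the FreeRADIUS project's own configuration: FreeRADIUS 2.x unlang in the authorize section, run after the ldap module. It assumes the module instance is named ldap, reuses the base DN and uid filter from the debug output, and assumes session tracking (radutmp or sql in the session section) is enabled, since Simultaneous-Use is only enforced when sessions are tracked.

```unlang
# Added example (assumed location: /etc/raddb/sites-available/default).
# FreeRADIUS 2.x syntax; the module instance name "ldap" is an assumption
# taken from the "[ldap]" prefix in the debug output.
authorize {
    # ... existing modules stay as they are ...

    # Look the user up first, as in the debug output above.
    ldap

    # Query the affiliation through the ldap xlat:
    #   %{ldap:ldap:///<base>?<attribute>?<scope>?<filter>}
    # Base DN and filter mirror the ones shown in the post.
    if ("%{ldap:ldap:///dc=EXAMPLE,dc=COM?eduPersonPrimaryAffiliation?sub?(uid=%{%{Stripped-User-Name}:-%{User-Name}})}" == "staff") {
        update control {
            # Staff: up to 5 concurrent sessions.
            Simultaneous-Use := 5
        }
    }
    else {
        update control {
            # Everyone else, including users whose affiliation is missing
            # or unreadable, gets the restrictive limit of 1.
            Simultaneous-Use := 1
        }
    }
}

# Simultaneous-Use is checked against the session database, so the
# session section must list the module that records sessions.
session {
    radutmp
}
```

Because the else branch covers every value other than staff, a failed or empty LDAP lookup falls back to the single-session limit rather than the higher one.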


More information about the Freeradius-Users mailing list