How to add VAP based on LDAP group membership
Alan DeKok
aland at deployingradius.com
Thu Jan 14 16:25:16 CET 2016
On Jan 14, 2016, at 10:04 AM, Thomas Stather <Thomas.Stather at mpimf-heidelberg.mpg.de> wrote:
> I have a RADIUS setup (eduroam) where the users are authenticated against LDAP (mod_ldap, not ntlm_auth) for our own domain. All other users are proxied to a RadSec proxy.
> This works fine, but now we need the possibility to replace the Aruba-User-VLAN VAP with a different VLAN ID, if some users from our domain can be found in a special LDAP group (i.e. cn=testgroup). If not, the users should get assigned the Aruba-User-VLAN VAP 31.
>
> What do i have to change in my setup in order to make this work?
Write down the rules in procedural form. Then translate them to unlang.
if (my realm) {
if (ldap group == test group ) {
VLAN VAP 31
}
else {
VLAN VAP
}
}
It's really that simple.
Alan DeKok.
More information about the Freeradius-Users
mailing list