How to add VAP based on LDAP group membership
Thomas Stather
Thomas.Stather at mpimf-heidelberg.mpg.de
Wed Jan 20 15:11:52 CET 2016
Hello
To be more specific, I want to achieve this:
if (Realm == "testdomain.de") {
    if (calling-station-id -> found in ldap *) {
        update reply {
            Aruba-User-Vlan = "31"
        }
    }
    else {
        update reply {
            Aruba-User-Vlan = "32"
        }
    }
}
* the mac-address can be found in the ou:hosts with the attribute name
"macAddress". The format is aa:bb:cc:dd:ee:ff so the calling-station-id
needs to be converted somehow.
What I am looking for is the unlang part of the "calling-station-id ->
found in ldap" query.
Best,
Thomas
On 14.01.2016 at 16:25, Alan DeKok wrote:
> On Jan 14, 2016, at 10:04 AM, Thomas Stather <Thomas.Stather at mpimf-heidelberg.mpg.de> wrote:
>> I have a RADIUS setup (eduroam) where the users are authenticated against LDAP (mod_ldap, not ntlm_auth) for our own domain. All other users are proxied to a RadSec proxy.
>> This works fine, but now we need the possibility to replace the Aruba-User-VLAN VAP with a different VLAN ID, if some users from our domain can be found in a special LDAP group (i.e. cn=testgroup). If not, the users should get assigned the Aruba-User-VLAN VAP 31.
>>
>> What do I have to change in my setup in order to make this work?
> Write down the rules in procedural form. Then translate them to unlang.
>
> if (my realm) {
>     if (ldap group == test group ) {
>         VLAN VAP 31
>     }
>     else {
>         VLAN VAP
>     }
> }
>
> It's really that simple.
>
> Alan DeKok.
--
Thomas Stather
IT Services
Tel: +49 6221-486 628
Fax: +49 6221-486 561
------------------------------------------------------------------------
Max Planck Institute for Medical Research (MPImF)
Jahnstrasse 29, 69120 Heidelberg
Germany
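
Added example, not part of the original message and not FreeRADIUS code: a Python sketch (not unlang) of the decision described above. It converts a Calling-Station-Id to the aa:bb:cc:dd:ee:ff form stored in macAddress, refuses anything that is not exactly twelve hex digits so that only validated text reaches the LDAP filter, and picks VLAN 31 or 32. The function names, the sample directory and the sample values are assumptions constructed for illustration.

```python
import re

_HEX12 = re.compile(r"[0-9a-f]{12}")
_SEPARATORS = re.compile(r"[-:.]")   # common MAC separators sent by a NAS


def normalize_mac(calling_station_id):
    """Return the MAC as aa:bb:cc:dd:ee:ff, or None if the value is not a MAC."""
    digits = _SEPARATORS.sub("", calling_station_id.strip().lower())
    if not _HEX12.fullmatch(digits):
        return None                  # extra characters never reach the filter
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def host_filter(mac):
    """Build the LDAP filter; mac must be the output of normalize_mac()."""
    return "(macAddress=%s)" % mac


def choose_vlan(realm, calling_station_id, search):
    """Return the Aruba-User-Vlan value, or None for realms handled elsewhere.

    search(ldap_filter) -> bool is a hypothetical stand-in for a lookup
    under ou=hosts; it is only called with a validated MAC.
    """
    if realm != "testdomain.de":
        return None
    mac = normalize_mac(calling_station_id)
    if mac is not None and search(host_filter(mac)):
        return "31"
    return "32"


# Constructed sample directory: one registered host.
KNOWN_HOSTS = {"(macAddress=aa:bb:cc:dd:ee:ff)"}


def sample_search(ldap_filter):
    return ldap_filter in KNOWN_HOSTS


if __name__ == "__main__":
    for value in ("AA-BB-CC-DD-EE-FF", "aabb.ccdd.eeff", "11-22-33-44-55-66",
                  "aa:bb:cc:dd:ee:ff)(cn=*"):
        print(value, "->", choose_vlan("testdomain.de", value, sample_search))
```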