FreeRadius - Pass LDAP Group (Attribute?) to RSSO?

Matthew Stavert matthew.stavert at
Wed Dec 13 18:50:11 CET 2017

>  *What, exactly do you need to do?  Write that down, first.  e.g.*
I need to identify the group the user is in once they are authenticated,
and then pass the user's group to the Dynamic RSSO group on the Fortigate
using the Class attribute, I believe.
A picture is worth 1000 words...or something like that:

[image: Inline image 2]
The user names are being passed from freeradius, but the user's are not

To pass the user's LDAP group, I believe I need to identify which group
they are a part of in freeradius, and put that in CLASS.

> * If they're a member of LDAP group X, send class Y.*

Yes, this is what I need to do.  If member of student, send Class=students,
if member of admins, send class=admins, if member of staff, send class=staff.
Would I have to identify some of this in the LDAP module, or is free radius
Version 3 smart enough to identify what group the user is a part of in
LDAP?  If it is, I imagine I can just move to implementing in unlang.  If
not...can you provide me with some guidance where I would start identifying
or how I would identify what group the user was a part of in free radius,
and what file that would go in?

>*Then... implement that in unlang.*
What conf file and area would be the best place to put the unlang if
statements, i.e.:

if User-Name is a member of students
Class = students

if User-Name is a member staff
Class = Staff


>*And upgrade to v3.  It will be infinitely easier to do this (and debug it), than in 2.1.1.*

I will be upgrading to version 3 today, and getting this all going on the
newest server.

>Alan DeKok.

*Matthew Stavert* - CIPS I.S.P, ITSM, ITIL Certified, Google APPS
Certified, MCE - Microsoft Certified Educator, MTA Certified - Microsoft
Technology Associate
Information Systems Analyst - Systems Integration Specialist
Northern Lights School Division No. 69
CIPS: Canada's Only Legally Recognized Professional Designation

Office:  780-826-3145
Cell   :  780-207-1146
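
Added example, not part of the original message and not the FreeRADIUS project's own configuration: one way the "member of LDAP group X, send Class Y" mapping discussed above can be written in FreeRADIUS v3 unlang. It assumes the LDAP module instance is named `ldap`, that its group lookup settings are configured so `LDAP-Group` comparisons work, and that the block goes in the `post-auth` section of the virtual server (for example `sites-available/default`); the group names are the ones from the message.

```unlang
# Added example (assumptions: module instance "ldap", group lookup
# configured in mods-available/ldap, placed in the server's post-auth).
post-auth {
	# LDAP-Group is a comparison attribute provided by the ldap module;
	# each test checks the authenticated user's group membership.
	# The first matching branch wins, so the order decides which Class
	# a user who belongs to several groups receives.
	if (LDAP-Group == "students") {
		update reply {
			Class := "students"
		}
	}
	elsif (LDAP-Group == "admins") {
		update reply {
			Class := "admins"
		}
	}
	elsif (LDAP-Group == "staff") {
		update reply {
			Class := "staff"
		}
	}
	else {
		# No recognised group: remove any Class from the reply so the
		# user is not mapped to an RSSO group by a stale or default value.
		update reply {
			Class !* ANY
		}
	}
}
```

Running the server with `radiusd -X` shows which branch matched and the Class value placed in the Access-Accept.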