Assign user to a realm.
Alan DeKok
aland at deployingradius.com
Fri May 31 11:29:02 UTC 2024
On May 30, 2024, at 6:22 PM, Deepansha Gaur <dgaur at ualberta.ca> wrote:
> Some users are in the "users" file and some in LDAP. I'm looking for assigning a realm to users in the users file or if I can assign a realm to a particular LDAP group.
The server comes with a lot of documentation. If you read it, you'll notice that the only references to "realms" is in the realms module, and the proxy configuration.
i.e. there is no such thing as "assign a realm to a particular ldap group". The LDAP module doesn't have the concept of realms. If it it, that would be documented in mods-available/ldap.
Plus, it's not clear at all what you mean by "assign a realm to a particular LDAP group". That description is vague, and means that no one can implement it. So the problem here isn't that FreeRADIUS can't do something, it's that the requirements are unclear.
Please describe in DETAIL what you want the server to do. Be practical, and use real examples. e.g.
A user logs in as "user at example.com".
There is an LDAP group "foo".
The server should only do group lookups in the LDAP group if the realm is "example.com".
If you're going to implement detailed unlang policies, you need to describe those policies in detail. Unlang can't implement "I want to do stuff".
Alan DeKok.
More information about the Freeradius-Users
mailing list