Is this possible?
My Case:
I have a ldap group called cn=mygroup,o=myorg,c=mycountry
A user: cn=myuser,o=myorg,c=mycountry
The configuration for ldap have:
groupname_attribute = cn
groupmembership_filter =
"(&(objectClass=posixGroup)(memberUid=%{Stripped-User-Name:-%{User-Name}}))"
groupmembership_attribute = radiusGroupName
An the user file have:
DEFAULT Ldap-Group == mygroup
Tunnel-Medium-Type = IEEE-802,
Tunnel-Type = VLAN,
Tunnel-Private-Group-Id = 1,
Fall-Through = No
Everything is going ok, but i want more and begin to test:
DEFAULT Ldap-Group == mygroup
Tunnel-Medium-Type = IEEE-802,
Tunnel-Type = VLAN,
Tunnel-Private-Group-Id =
`%{ldap:ldap:///cn=mygroup,o=myorg,c=mycountry?radiusTunnelPrivateGroupId?base?memberUid=%{Stripped-User-Name}}`,
Fall-Through = No
Adding the radiusProfile Object to the posixGroup, and put the attribute
radiusTunnelPrivateGroupId as 1. Going ok
But i want to manage all from ldap and this configuration fail because
radius can't get the ldap group list and don't check the groups.
DEFAULT Ldap-Group == *
Tunnel-Medium-Type = IEEE-802,
Tunnel-Type = VLAN,
Tunnel-Private-Group-Id =
`%{ldap:ldap:///cn=%{Ldap-Group},o=myorg,c=mycountry?radiusTunnelPrivateGroupId?base?memberUid=%{Stripped-User-Name}}`,
Fall-Through = No
There are any solution to fully manage the groups from ldap?
Thanks.
--
-------------------------
Alejandro Escanero Blanco
Secretaría General Técnica - Servicio de Informática Sistemas
Tel: 671 569 262 (769262)
Consejería de Innovación, Ciencia y Empresa
Junta de Andalucía
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
