the host,port information does not correspond to the configured attributes).
USER PROFILE ATTRIBUTE:
-
The module can use the User-Profile attribute. If it is set, it will assume that it contains
the DN of a profile entry containing radius attributes. This entry will _replace_ the default
profile directive. That way we can use different profiles based on checks on the radius attributes
DEFAULT Service-Type == Outbound-User, User-Profile := "uid=outbound-dialup,dc=company,dc=com"
+GROUP SUPPORT:
+The module supports searching for ldap groups by use of the Ldap-Group attribute. As long as the module
+has been instanciated it can be used to do group membership checks through other modules. For example in
+the users file:
+
+DEFAULT Ldap-Group == "disabled", Auth-Type := Reject
+ Reply-Message = "Sorry, you are not allowed to have dialup access"
+
DIRECTORY COMPATIBILITY NOTE:
If you use LDAP only for authorization and authentication (e.g. you can not
afford schema extention), I propose to set all necessary attributes in
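Review bot: the new GROUP SUPPORT text never says that Ldap-Group takes over from the Group attribute this module answered before, so an administrator with existing Group == "..." entries in the users file gets no hint that they have to be rewritten. Add a sentence saying so. The example given here is a reject rule, and a reject rule that stops matching no longer rejects. Also, "instanciated" in the second added line should read "instantiated".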
* - Fixed a bug where the ldap server will kill the idle connections from the ldap
* connection pool. We now check if ldap_search returns LDAP_SERVER_DOWN and try to
* reconnect if it does. Bug noted by Dan Perik <dan_perik-work@ntm.org.pg>
+ * May 2002, Kostas Kalevras <kkalev@noc.ntua.gr>
+ * - Instead of the Group attribute we now have the Ldap-Group attribute, to avoid
+ * collisions with other modules
*/
static const char rcsid[] = "$Id$";
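Review bot: the changelog entry names only the Group attribute, but the same commit also removes the registration guarded by #ifdef PW_GROUP_NAME /* compat */. Mention that in the entry so anyone relying on the compat name can trace the behaviour change to this commit.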
inst->check_item_map = NULL;
inst->conns = NULL;
- paircompare_register(PW_GROUP, PW_USER_NAME, ldap_groupcmp, inst);
-#ifdef PW_GROUP_NAME /* compat */
- paircompare_register(PW_GROUP_NAME, PW_USER_NAME, ldap_groupcmp, inst);
-#endif
+ paircompare_register(PW_LDAP_GROUP, PW_USER_NAME, ldap_groupcmp, inst);
DEBUG("conns: %p",inst->conns);
xlat_name = cf_section_name2(conf);
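Review bot: both PW_GROUP registrations are dropped in one step with no transition path, so after an upgrade any check item still written against Group is no longer evaluated by ldap_groupcmp, and nothing tells the operator. Consider logging a notice at instantiate time that group checks now require Ldap-Group, or at least calling it out in the release notes, so deny rules based on LDAP group membership are not lost unnoticed.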
/*
- * ldap_groupcmp(). Implement the Group == "group" filter
+ * ldap_groupcmp(). Implement the Ldap-Group == "group" filter
*/
static int ldap_groupcmp(void *instance, REQUEST *req, VALUE_PAIR *request, VALUE_PAIR *check,
pair = nextpair;
}
- paircompare_unregister(PW_GROUP, ldap_groupcmp);
-#ifdef PW_GROUP_NAME
- paircompare_unregister(PW_GROUP_NAME, ldap_groupcmp);
-#endif
+ paircompare_unregister(PW_LDAP_GROUP, ldap_groupcmp);
xlat_unregister(inst->xlat_name,ldap_xlat);
free(inst->xlat_name);
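Review bot: the unregister call identifies the comparison only by attribute and function, paircompare_unregister(PW_LDAP_GROUP, ldap_groupcmp), while the matching register call also passes inst. With named instances (xlat_name is taken from cf_section_name2(conf)) more than one instance can register under PW_LDAP_GROUP, so please confirm that detaching one instance removes its own entry and does not leave another entry pointing at a freed inst. The removed lines had the same shape, so this is not new, but with the rename now touching both calls it is a good time to check.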