Hello Michael -
On Sat, 21 Oct 2000, [EMAIL PROTECTED] wrote:
> I'm pretty new to this mailing-list - sorry if this question was answered
> before - but I haven't found a complete answer when searching the archives.
>
> First I'd like to state that I'm pretty happy with Radiator - very good product
> at reasonable price!
>
Thanks for the kind words.
> My problem is that I have to authenticate a group of users against Win2k
> Domain and other LDAP-sources.
> Due to the fact that Radiator is (AND WILL) be running on Unix I'm not
> able to use the ADSI AuthHandler.
> But I succeeded in authenticating Win2k-Users thru the Authby-LDAP2.
> The only thing that is left is the following:
> HOW CAN I check if a particular user is a member of a specified LDAP-group?
> It works fine if the user is just in one single group (LDAP-memberof has only
> one instance) but if the user belongs to multiple groups then only
> the first group is checked against (see below).
>
> my part of config-file:
> (test-group is initialized in the preauth-hook w/ the groupname)
> AuthAttrDef memberof, test-group, check
>
> Line 445 in AuthLDAP2.pm (Radiator 2.16.3):
> $user->get_check->add_attr($attrib, $$vals�0�);
>
> ANY HINTS OR SUGGESTIONS FOR A WORKING SOLUTION???
> or should I write my own handler ???
>
I think the simplest thing would be to use the "SearchFilter" parameter to
specify your own LDAP query (w/o the PreAuthHook). This has been discussed on
the list previously - do a search on "SearchFilter".
> Best regards,
>
> Mit freundlichen Grueszen
>
Danke -
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
