Reset Search
 

 

Article

KB25638 - How to configure return list attributes in SBR based on LDAP attribute values

« Go Back

Information

 
Last Modified Date11/14/2015 10:42 PM
Synopsis
This article provides information on how to authorize users by assigning the return list attributes that are based on LDAP attribute values.
Problem or Goal
How to authorize users by assigning the return list attributes that are based on LDAP attribute values.
Cause
Solution
For example, there are 2 users in the LDAP database and SBR is able to successfully authenticate both users. However, it is required that one of these users should get read-only access and the other user should get read-write access on a switch that they are accessing.

As the users are located in an external database, the return list attribute mapping to the users cannot be done directly; the procedure to do so is as follows:

Note : Make sure that LDAP authentication is working in SBR, before proceeding with the following procedure.
 
  1. Create two profiles in SBR administrator - profile1 and profile2. Configure the read-only attribute as the return list attribute in profile1 and read-write attribute in profile2.
  2. In the LDAP server, select two users to perform this testing; for example, User1 and User2. User1 should be given read-only access and User2 should be given read-write access.
  3. In the LDAP server, select a common LDAP attribute for both the users for Radius authorization; for example, the department attribute in the LDAP server.
  4. Configure the department attribute for user1 with the profile1 value (as created in the SBR admin GUI) and for user2, use the profile2 value (as created in the SBR admin GUI) on the LDAP server.
  5. In the LDAPauth.aut file and under the [Response] section, add the following entry:
%Profile = department
  1. Restart the SBR service.
Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255