Managing Virtual Domains

You can manage remote user connections from users who belong to a virtual domain, that is, a domain that you manage on behalf of another organization.

For example, if ABC corporation decided to use ISP corporation to manage their internet mail service, ABC would be assigned a domain name such as abc.com, and a pool of IP addresses. ISP corporation manages user information, and remote user connections for ABC corporation. When an employee from ABC corporation connects to request remote access, the connection parameters are the user login and the user password.

For example, John Smith logs in with the following parameters:

• Login: jsmith@abc.com

• Password: secret

The RADIUS server of ISP corporation needs to separate the user ID from the domain information. The beginning of the USERS table and the variables defined in the Dynamic section are shown below:

Table: USERS
	Common:
		BaseDN= o=isp, c=us
	Dynamic
		userID=>$myID@$virtualDomainT || $myID
		FILTER=(&(Objectclass=remoteUser)(uid=$myID))

In this configuration example, the username variable accepts two alternative expressions so that it can handle equally well remote users who have a domain name appended to their user ID, and those who do not.

The domain name must be checked during the authentication procedure, therefore the directory entry of John Smith includes these attributes:

• uid: jsmith

• userPassword: * (protected)

• authSuffixName: @abc.com

• grpCheckInfo: userPassword, authSuffixName