(RADIATOR) Store RADIUS attributes in LDAP?

Ingvar Bjarnason ingvarbj at centrum.is
Tue Jun 24 12:03:02 CDT 2003


Hi Matt,

    We are storing user information in LDAP. Below is the AuthBy clause we
use. To add RADIUS attributes to the LDAP entry for the user, you simply
need to have them in the entry for the user (same level in our case).
We retrieve static IP addresses, for example, using AuthAttrDef. If
there is a match for the entry StaticIPaddress on the user, a reply item of
Framed-IP-Address is returned. If not, nothing is returned and the reply
item does not get added. You can do the same for any RADIUS attribute.
AuthAttrDef takes care of mapping together RADIUS attributes and the
corresponding attributes in LDAP.

    Hope this helps,

                        Ingvar

<AuthBy LDAP2>
                Identifier CheckLDAP
                NoDefault
                DefaultSimultaneousUse 1
                Host ldaphost.your.network
                Port 389
                HoldServerConnection
                Timeout 2
                FailureBackoffTime 300
                Scope one
                AuthDN cn=Manager,cn=ldaphost
                AuthPassword ldappassword
                BaseDN cn=People,cn=domain1,cn=Virtual Domains,cn=ldaphost
                UsernameAttr uid
                PasswordAttr clearTextPassword
                SearchFilter (&(serviceStatus=Active)(%0=%w)(|(IPConnectionType=ISDNPLUS)(IPConnectionType=ADSL)))
                AuthAttrDef StaticIPaddress,Framed-IP-Address,reply
                AddToReply Framed-Protocol = PPP,\
                  Framed-IP-Netmask = 255.255.255.255, \
                  Framed-Routing = None, \
                  Service-Type = Framed-User, \
                  Framed-MTU = 1500, \
                  Framed-Compression = Van-Jacobson-TCP-IP
 </AuthBy>

Ingvar Bjarnason
Engineer/Data division
Iceland Telecom

----- Original Message ----- 
From: "Matt Richard" <matt.richard at fandm.edu>
To: <radiator at open.com.au>
Sent: Tuesday, June 24, 2003 2:27 PM
Subject: (RADIATOR) Store RADIUS attributes in LDAP?


> The Radiator documentation states that I can store RADIUS attributes
> in LDAP, and retrieve them with AuthAttrDef or similar methods.  But
> the documentation doesn't discuss what schema to use, or how those
> attributes should be stored so that Radiator can find them.
>
> How are other people doing this?  (Is anyone else doing this?)  Are
> you using schemas from OpenRADIUS or FreeRADIUS, or Netscape
> Directory Server or the Aboba draft?  Or are you building your own
> schema?
>
> Thanks!
>
> Matt
> -- 
> Matt Richard
> Access and Security Coordinator
> Franklin & Marshall College
> matt.richard at fandm.edu
> (717) 291-4157
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
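
The mapping described in the reply above, as an added example that is not part of the original thread and is not Radiator code: a simplified Python model of how the posted `SearchFilter` and `AuthAttrDef StaticIPaddress,Framed-IP-Address,reply` line decide which reply items a user receives. The directory entries are constructed samples, the function names are hypothetical, and the `%0=%w` clause is assumed to reduce to an exact `uid` match.

```python
# Simplified model of the SearchFilter + AuthAttrDef behaviour described above.
# Not Radiator code. Attribute names come from the posted config; the entries,
# addresses and function names are constructed for illustration.
ATTR_DEFS = ["StaticIPaddress,Framed-IP-Address,reply"]
ADD_TO_REPLY = {"Framed-Protocol": "PPP", "Service-Type": "Framed-User"}  # subset
ALLOWED_TYPES = {"ISDNPLUS", "ADSL"}

DIRECTORY = [  # constructed sample entries
    {"uid": "alice", "serviceStatus": "Active", "IPConnectionType": "ADSL",
     "StaticIPaddress": "192.0.2.10"},
    {"uid": "bob", "serviceStatus": "Active", "IPConnectionType": "ISDNPLUS"},
    {"uid": "carol", "serviceStatus": "Suspended", "IPConnectionType": "ADSL",
     "StaticIPaddress": "192.0.2.11"},
]

def parse_attr_def(line):
    """Split 'ldapattr,radiusattr,type' into a 3-tuple."""
    ldap_attr, radius_attr, kind = (part.strip() for part in line.split(","))
    if kind not in ("check", "reply"):
        raise ValueError(f"unsupported AuthAttrDef type: {kind}")
    return ldap_attr, radius_attr, kind

def matches_filter(entry, username):
    """Mirror the posted filter: active service, uid match, ISDNPLUS or ADSL."""
    return (entry.get("serviceStatus") == "Active"
            and entry.get("uid") == username
            and entry.get("IPConnectionType") in ALLOWED_TYPES)

def build_reply(entry, attr_defs=ATTR_DEFS):
    """Static AddToReply items plus any mapped attribute present on the entry."""
    reply = dict(ADD_TO_REPLY)
    for ldap_attr, radius_attr, kind in map(parse_attr_def, attr_defs):
        # An LDAP attribute missing from the entry adds nothing to the reply.
        if kind == "reply" and ldap_attr in entry:
            reply[radius_attr] = entry[ldap_attr]
    return reply

def lookup(directory, username):
    """Return the reply items for the first matching entry, or None."""
    for entry in directory:
        if matches_filter(entry, username):
            return build_reply(entry)
    return None  # the filter excluded the user, so nothing is mapped

if __name__ == "__main__":
    for name in ("alice", "bob", "carol"):
        print(name, lookup(DIRECTORY, name))
```
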
