(RADIATOR) Radiator doesn't bind to LDAP
David Felipe Rios Rojas
DRIOSR at eeppm.com
Tue Feb 21 09:30:58 CST 2006
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Friday, 17 February 2006 05:38 p.m.
> To: David Felipe Rios Rojas
> CC: Radiator-List list
> Subject: Re: (RADIATOR) Radiator doesn't bind to LDAP
>
>
> Hello David -
>
> You will need to use two AuthBy LDAP clauses - the first to
> authenticate the user and get the GroupId, and the second to get the
> GroupAttributes for the GroupId.
>
> Something like this:
>
>
> <Realm ....>
>
> AuthByPolicy ContinueWhileAccept
>
> <AuthBy LDAP2>
> # authenticate the user and return the GroupId in the request
> .......
> AuthAttrDef GroupId, GroupId, request
> </AuthBy>
>
> <AuthBy LDAP>
> # get the GroupAttributes for this GroupId
> ......
> SearchFilter .....GroupId....
> AuthAttrDef GroupAttributes, GENERIC, reply
> </AuthBy>
>
> </Realm>
>
>
> The GroupAttributes field will contain the list of attribute=value
> pairs separated by commas:
>
> ..... = ....... , ........ = ........ , ........ = ..........
>
>
> Hope that helps.
>
> regards
>
> Hugh
>
Hi Hugh.
I did what you wrote and it's working so well :)
However, we have another problem; I will explain it after
showing you my config file:
#################################################################
<Realm DEFAULT>
AuthByPolicy ContinueWhileAccept
<AuthBy LDAP2>
RewriteUsername s/^([^@]+).*/$1/
Host xxxxxx
AuthDN cn=root
AuthPassword xxxxxx
BaseDN %0=%1,ou=xxxxxx,o=xxxxxx,o=xxxxxx
SearchFilter radiusLoginService=E
UsernameAttr uid
PasswordAttr userPassword
HoldServerConnection
Debug 255
Version 3
AuthAttrDef radiusServiceType,profile,request
</AuthBy>
<AuthBy LDAP2>
Host xxxxxx
AuthDN cn=root
AuthPassword xxxxxx
BaseDN ou=RadiusProfiles,o=xxxxxx,o=xxxxxx
SearchFilter radiusprofiledn=%{profile}
HoldServerConnection
Version 3
Debug 255
AuthAttrDef radiusNasIPAddress, NAS-IP-Address, check
AuthAttrDef radiusServiceType, Service-Type, reply
</AuthBy>
</Realm>
#################################################################
When "NAS-IP-Address" matches the IP sent by "radpwtst", Radiator
returns "Service-Type" to the NAS and that's OK; but when "NAS-IP-Address"
*doesn't* match, Radiator executes the second "AuthBy" clause over and over
and it doesn't stop.
Thanks in advance
--
David Rios R.
Ingenieria de Desarrollo
Expansion Nuevos Servicios
Empresas Publicas de Medellin