(RADIATOR) global variable as LDAP host

Hugh Irvine hugh at open.com.au
Wed Jun 4 17:48:34 CDT 2008


Hello Peter -

This is already supported - see section 5.36.1 in the Radiator 4.2  
reference manual ("doc/ref.pdf").

You need the correct syntax however:  %{GlobalVar:ldap1}. See section  
5.2 in the manual.

You might also consider defining your AuthBy LDAP2 clauses just once  
with Identifiers:


.....

DefineFormattedGlobalVar some-thing-ldap1 145.48.x.y
DefineFormattedGlobalVar some-thing-ldap2 145.48.x.z

.........


<AuthBy GROUP>
                 Identifier CheckLDAPServers
                 AuthByPolicy ContinueUntilAccept
                 <AuthBy LDAP2>
                         Host %{GlobalVar:%{Handler:Identifier}-ldap1}
                         Port 389
                         BaseDN ou=Users, o=HSB
                         UsernameAttr cn
                         ServerChecksPassword
                         Timeout 5
                 </AuthBy>
                 <AuthBy LDAP2>
                         Host %{GlobalVar:%{Handler:Identifier}-ldap2}
                         Port 389
                         BaseDN ou=users, o=HSB
                         UsernameAttr cn
                         ServerChecksPassword
                         Timeout 5
                 </AuthBy>
</AuthBy>

<Handler some-things-here....>
         Identifier some-thing
         AuthBy CheckLDAPServers
</Handler>

.....

Please let me know how you get on.

regards

Hugh


On 4 Jun 2008, at 20:48, Peter Havekes wrote:

> Hi,
>
> Is it possible to use a global variable in the host-parameter of
> authby ldap?
>
> I'm using multiple radiator servers at different sublocations. Each  
> has to connect to the local LDAP-server for performance reasons.
> I use the same authby-ldap definitions in multiple handles. It
> would be nice to only change the ldap host address in one place,
> instead of all authby clauses.
>
> config-snippets:
>
> DefineFormattedGlobalVar ldap1 145.48.x.y
> DefineFormattedGlobalVar ldap2 145.48.x.z
>
> <Handler some-things-here....>
>         <AuthBy GROUP>
>                 AuthByPolicy ContinueUntilAccept
>                 <AuthBy LDAP2>
>                         Host %{ldap1}
>                         Port 389
>                         BaseDN ou=Users, o=HSB
>                         UsernameAttr cn
>                         ServerChecksPassword
>                         Timeout 5
>                 </AuthBy>
>                 <AuthBy LDAP2>
>                         Host %{ldap2}
>                         Port 389
>                         BaseDN ou=users, o=HSB
>                         UsernameAttr cn
>                         ServerChecksPassword
>                         Timeout 5
>                 </AuthBy>
>         </AuthBy>
> </Handler>
>
>
> but this results in :
>
> Wed Jun  4 12:18:45 2008: DEBUG: Handling with Radius::AuthLDAP2:
> Wed Jun  4 12:18:45 2008: INFO: Connecting to :389
> Wed Jun  4 12:18:45 2008: ERR: Could not open LDAP connection to : 
> 389. Backing off for 600 seconds.
> Wed Jun  4 12:18:45 2008: DEBUG: Handling with Radius::AuthLDAP2:
> Wed Jun  4 12:18:45 2008: INFO: Connecting to :389
> Wed Jun  4 12:18:45 2008: ERR: Could not open LDAP connection to : 
> 389. Backing off for 600 seconds.
> Wed Jun  4 12:18:45 2008: DEBUG: AuthBy GROUP result: IGNORE, User  
> database access error
>
> Any suggestions would be nice...
>
> -- 
>
>
> Peter Havekes
> DIF-ICT
> ICT-Ontwikkeling
> Avans Hogeschool
> Onderwijsboulevard 215
> 5223 DE 's-Hertogenbosch
> Telefoon    0736 295 592
> Mobiel       0612917383
> Fax           0736295488
> email/msn p.havekes at avans.nl
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
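
The mistake in the question (a bare %{ldap1} where %{GlobalVar:ldap1} was needed, which the log shows expanding to an empty host) can be caught before deployment. The following is an added example, not part of the original message or of Radiator: a small Python check that flags such references and references to undefined global variables. The sample configuration and its addresses are constructed, and the function name lint is hypothetical.

```python
import re

# Constructed sample based on the configuration in the question;
# the addresses are documentation placeholders.
SAMPLE_CONFIG = """\
DefineFormattedGlobalVar ldap1 192.0.2.10
DefineFormattedGlobalVar ldap2 192.0.2.11
<Handler>
    <AuthBy LDAP2>
        Host %{ldap1}
        Port 389
    </AuthBy>
    <AuthBy LDAP2>
        Host %{GlobalVar:ldap2}
    </AuthBy>
    <AuthBy LDAP2>
        Host %{GlobalVar:ldap3}
    </AuthBy>
</Handler>
"""

# Names introduced by DefineGlobalVar / DefineFormattedGlobalVar.
DEFINE_RE = re.compile(r"^\s*Define(?:Formatted)?GlobalVar\s+(\S+)", re.M)
# Innermost %{...} only: the outer part of a nested reference such as
# %{GlobalVar:%{Handler:Identifier}-ldap1} is resolved at run time and skipped.
SPECIAL_RE = re.compile(r"%\{([^{}%]+)\}")


def lint(config):
    """Return (line_number, message) findings for global-variable references."""
    defined = set(DEFINE_RE.findall(config))
    findings = []
    for no, line in enumerate(config.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # ignore comment lines
        for ref in SPECIAL_RE.findall(line):
            if ref in defined:
                # Defined as a global variable but referenced without the prefix.
                findings.append((no, f"%{{{ref}}} lacks the GlobalVar: prefix"))
            elif ref.startswith("GlobalVar:"):
                name = ref[len("GlobalVar:"):]
                if name not in defined:
                    findings.append((no, f"global variable {name!r} is not defined"))
    return findings


if __name__ == "__main__":
    for no, message in lint(SAMPLE_CONFIG):
        print(f"line {no}: {message}")
```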

