LDAP retrieve additional attributes and map to radius attributes

Workout Yahoo workoutexcite at yahoo.com
Mon Aug 7 22:36:05 CEST 2006


Hi, Sorry if this question is a repeat but I saw the
mail archives and not able to find what I am looking
for.

We are using freeradius to connect to LDAP server.  
I can able to authenticate with the radius sever fine.

Now I want to retrieve ldap attribute called
productId. Depends on the productId, I have to give
access the users.

If the productId=1234, then all the users will get
access. If not..no access.

After reading the mail archives and documentation, I
saw I need to do changes in
/etc/raddb/dictionary,/etc/raddb/users,
/etc/raddb/ldap.attrmap

Can you please explain me what is the right config I
need to modify.

You help is really appreciated.
Thanks and regards.


Here is the radiusd.conf for ldap. 

ldap {


                server = "testldap.xyz.com"
###
                identity = "cn=Directory Manager"
###
                password = 1223
###
                basedn =
"dc=test1213,dc=household,o=internet"


                filter =
"(uid=%{Stripped-User-Name:-%{User-Name}})"

                encryption_scheme = crypt
                start_tls = no
                dictionary_mapping =
${raddbdir}/ldap.attrmap

                ldap_connections_number = 5

                password_attribute = userPassword
                timeout = 4
                timelimit = 3
                net_timeout = 1

                #compare_check_items = yes
                #do_xlat = yes
                # access_attr_used_for_allow = yes
###
        }


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 



More information about the Freeradius-Users mailing list