ldap backend and Realm

Mustapha Bouikhif Mustapha.Bouikhif at cnrs-gif.fr
Mon Nov 17 15:31:34 CET 2008


tnt at kalik.net wrote:
>> I use unlang, here is my configuration radiusd.conf:
>>
>> modules {
>>
>> ...............
>>
>> ldap
>>            switch "%{Realm}" {
>>            case dr4.cnrs.fr  {
>>     
>
> 1. What version is this? Unlang works only in 2.x? ldap is not in
> radiusd.conf in that version any more.
>
> 2. unlang works in server not module configuration files. Create a
> temporary attribute to store basedn in raddb/dictionary file (let's say a
> string My-BaseDN). Then do this just before ldap in authorize:
>
> switch "%{Realm}" {
>    case "dr4.cnrs.fr" {
>       update control {
>          My-BaseDN = "ou=people,dc=dr4,dc=cnrs,dc=fr"
>       }
>    }
>    case ...
> }
>
> In ldap module configuration:
>
> ldap {
>    server = "ldapauth.cnrs-gif.fr"
>    identity = "uid=Manager,%{control:My-BaseDN}"
>    password = whatever
>    basedn = "%{control:My-BaseDN}"
> ..
> }
>
> If password also changes you will need another temp attribute (let's say
> My-Password) to update with My-BaseDN and to replace for "whatever".
>
> Ivan Kalik
> Kalik Informatika ISP
>
Thanks Ivan, but it still doesn't work...
In my /etc/raddb/dictionary file:
ATTRIBUTE   My-BaseDN   10 string

radiusd.conf configured like you said (module ldap, authorize section)
radiusd starts and the log says:

Nov 17 15:13:31 localradius radiusd[8420]: Ready to process requests.
Nov 17 15:13:39 localradius radiusd[8420]: rlm_ldap: uid=Manager,%{control:My-BaseDN} bind to ldapauth.cnrs-gif.fr:389 failed Invalid DN syntax
Nov 17 15:13:39 localradius radiusd[8420]: rlm_ldap: (re)connection attempt failed

radiusd cannot replace the temporary attribute (My-BaseDN) with the
correct value ...

Maybe because the ldap module is called before the authorize section where
My-BaseDN is defined?


-- 
Mustapha BOUIKHIF
Service Systèmes d'Information
CNRS - DR4 

tel: +33 1 69 82 33 97
fax: +33 1 69 82 33 39



