freeradius 2.1.7-7.el5 - How to get vendor specific attributes from LDAP

Fajar A. Nugraha list at fajar.net
Fri Nov 25 13:14:43 CET 2011


On Fri, Nov 25, 2011 at 5:14 PM, Jakub Pech <jakub.pech at spinoco.com> wrote:
> On 25.11.11 10:23, Fajar A. Nugraha wrote:
>>>
>>> Is there anything else than ldap.attrmap that should be set up for
>>> sending vendor specific attributes from LDAP?
>>
>> Let's try something basic. Were you able to see the attribute (and its
>> value) when you do ldap query for that user (e.g. with ldapsearch)?
>
> Yes, I am.

Are you SURE?

If ldapsearch (or whatever ldap client you use) can show
radiusJuniperLocalUserName attribute correctly when you search for
that user, then your /etc/raddb/ldap.attrmap entry should be enough
(if you only have it as replyItem, that is). And to be safe, use tabs
(like the original entries) instead of spaces.

... and Alan is right (as usual), your debug log hasn't shown any
"ldap" lines in authorize phase. Probably you haven't uncommented it :)

Now if you HAVE ldap activated in authorize section, I'd also take a
look at this line

++[unix] returns updated

That's wrong. You ONLY want to authenticate against LDAP, right?
Comment out "unix" line from authorize section.

-- 
Fajar
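
A small lint for the checks in the reply above, added here as an example and not part of the original message: it looks for a tab-separated replyItem mapping of the LDAP attribute and reports whether "ldap" and "unix" are active in the authorize section. The file contents are constructed samples, `Juniper-Local-User-Name` is the RADIUS attribute name assumed for the mapping, and the function names are hypothetical.

```python
import re

# Constructed ldap.attrmap sample: first mapping uses tabs, second uses spaces.
ATTRMAP = ("replyItem\tFramed-IP-Address\tradiusFramedIPAddress\n"
           "replyItem Juniper-Local-User-Name radiusJuniperLocalUserName\n")
# Constructed virtual-server sample with "ldap" still commented out.
SITE = "authorize {\n    preprocess\n    unix\n#   ldap\n}\n"

def attrmap_findings(text, ldap_attr):
    """Check that ldap_attr is mapped as a tab-separated replyItem."""
    findings, seen = [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 3 or fields[2] != ldap_attr:
            continue
        seen = True
        if fields[0] != "replyItem":
            findings.append(f"{ldap_attr} is mapped as {fields[0]}")
        if " " in line:
            findings.append(f"{ldap_attr} mapping uses spaces, not tabs")
    return findings if seen else [f"no mapping for {ldap_attr}"]

def active_modules(text, section):
    """Return uncommented module names at the top level of `section { ... }`."""
    mods, depth = [], 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if depth == 0:
            depth = 1 if re.fullmatch(re.escape(section) + r"\s*\{", line) else 0
        elif line.endswith("{"):
            depth += 1
        elif line == "}":
            depth -= 1
            if depth == 0:
                break
        elif line and depth == 1:
            mods.append(line.split()[0])
    return mods

def authorize_findings(site_text):
    """Flag a missing "ldap" or an active "unix" in the authorize section."""
    mods = active_modules(site_text, "authorize")
    findings = []
    if "ldap" not in mods:
        findings.append("ldap is not active in authorize")
    if "unix" in mods:
        findings.append("unix is active in authorize")
    return findings
```

Run it against the real /etc/raddb/ldap.attrmap and the virtual server file by reading them into strings and passing them to the same functions.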



