Freeradius-Devel Digest, Vol 136, Issue 4

Saeed Khademi saeedji at gmail.com
Tue Aug 9 14:09:51 CEST 2016


Dear  Alan DeKok,

Thank you for your prompt reply.


> How do the users login?  "user at a.com" and "user at b.com" ?

Yes, users login with user at a.com and user at b.com

> That doesn't work.  You can't just invent syntax and have it work.
>


I know that we can not put a SWITCH in the ldap file.
What I meant was to say about my intention toward my current config.
Another way which I tried and failed was to use a variable. It is possible to
use a variable in the ldap file.

-----------
in users:

DEFAULT    ldap-basedn :=  switch ( “&Realm” ) {
                 case “A.com”  {  base_dn = {"ou=people,dc=A,dc=com" }
                 case “A.com”  {  base_dn = {"ou=people,dc=B,dc=com" }
                 case “A.com”  {  base_dn = {"ou=people,dc=C,dc=com" }
           }
------------
and then in ldap:

base_dn := "%ldap_basedn"

=====================

My question is: is it possible to do this somehow and avoid
putting 3 ldap sections in mods-available/ldap ?

> See "man unlang" for unlang documentation.  See the LDAP module config for 
> what the LDAP module accepts.

I will go for them, to see if I can find a way.

Kind Regards,
Saeed.



-----Original Message----- 
From: freeradius-devel-request at lists.freeradius.org
Sent: Tuesday, August 09, 2016 1:30 PM
To: freeradius-devel at lists.freeradius.org
Subject: Freeradius-Devel Digest, Vol 136, Issue 4

Today's Topics:

   1. Commit report for v3.1.x branch (The git bot)
   2. One LDAP server, Multiple Domains ( baseDN ) (Saeed Khademi)
   3. Re: One LDAP server, Multiple Domains ( baseDN ) (Alan DeKok)


----------------------------------------------------------------------

Message: 1
Date: Tue,  9 Aug 2016 00:00:02 +0200 (CEST)
From: announce at freeradius.org (The git bot)
To: freeradius-devel at lists.freeradius.org
Subject: Commit report for v3.1.x branch
Message-ID: <20160808220002.A35662240C33 at power.freeradius.org>

New activity for FreeRADIUS (the high performance and highly configurable 
RADIUS server)

======
Merge pull request #1672 from jrouzierinverse/relax-casting-signed-to-integer

Relax casting from signed to integer

Arran Cudbard-Bell (via GitHub)@2016-08-08T21:33:33Z
Files modified:
* src/lib/value.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/71f83a153dd2b369cc9e2904f8b3ef147e7d0572
======
Relax casting from signed to integer

James Rouzier at 2016-08-08T21:29:29Z
Files modified:
* src/lib/value.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/8d1b6efc75188d776286fcbf974a39f66c4a6f0e
======
-- 
This commit summary was generated @2016-08-09T00:00:02Z by lgfeed version 
0.00 (https://github.com/arr2036/lgfeed).


------------------------------

Message: 2
Date: Tue, 9 Aug 2016 11:31:24 +0330
From: "Saeed Khademi" <saeedji at gmail.com>
To: <freeradius-devel at lists.freeradius.org>
Subject: One LDAP server, Multiple Domains ( baseDN )
Message-ID: <58416B774DB745E6AB12D28102EE3DDA at Saeed>
Content-Type: text/plain; charset="utf-8"

Hello,
I am new to this list, and my question may have been asked before.
Sorry if this is a duplicate.

I have one LDAP server, with multiple domain names on it:

LDAP server : A.COM

Domains : A.com
                B.com
                C.com

Now I am trying to get it to work and authenticate users of all 3 domains correctly. At the same time,
I like to keep the configuration as short & simple as possible.
Tried many scenarios, the only one that worked was this:
==============
in mods-available/LDAP :

ldap A.com {
.....
}

ldap B.com {
....
}

ldap C.com {
....
}
-----------
in sites-enabled/default

authorize {
     pap
     eap
     ....
     A.com
     B.com
     C.com
.....
}


authenticate {
......
    Auth_type ldap {
        A.com
        B.com
        C.com
    }
}
-----------------
in sites-enabled/inner_tunnel

the same as sites-enabled/default

======================================
and it works.
Since all the configuration for all three domains are the same, except for 
base_DN, what I’d like to have is
to use something like this:
switch ( “&Realm” ) {
      case “A.com”  {  base_dn = {"ou=people,dc=A,dc=com" }
      case “A.com”  {  base_dn = {"ou=people,dc=B,dc=com" }
      case “A.com”  {  base_dn = {"ou=people,dc=C,dc=com" }
}


Is it possible to do it?
If YES, then where should I put it? And what happens for authorize and
authentication sections?

Regards,
Saeed.







------------------------------

Message: 3
Date: Tue, 9 Aug 2016 10:03:34 +0200
From: Alan DeKok <aland at deployingradius.com>
To: FreeRadius developers mailing list
<freeradius-devel at lists.freeradius.org>
Subject: Re: One LDAP server, Multiple Domains ( baseDN )
Message-ID: <F2440419-7F11-43F0-912A-96D6066D6550 at deployingradius.com>
Content-Type: text/plain; charset=utf-8

On Aug 9, 2016, at 10:01 AM, Saeed Khademi <saeedji at gmail.com> wrote:
> I am new to this list, and my question may have been asked before.
> Sorry if this is a duplicate.

  It's really a question for freeradius-users, not freeradius-devel.  But 
anyways...

> I have one LDAP server, with multiple domain names on it:
>
> LDAP server : A.COM
>
> Domains : A.com
>                B.com
>                C.com
>
> Now I am trying to get it to work and authenticate users of all 3 domains
> correctly. At the same time,
> I like to keep the configuration as short & simple as possible.

  How do the users login?  "user at a.com" and "user at b.com" ?

> Since all the configuration for all three domains are the same, except for 
> base_DN, what I’d like to have is
> to use something like this:
> switch ( “&Realm” ) {
>      case “A.com”  {  base_dn = {"ou=people,dc=A,dc=com" }
>      case “A.com”  {  base_dn = {"ou=people,dc=B,dc=com" }
>      case “A.com”  {  base_dn = {"ou=people,dc=C,dc=com" }
> }

  That doesn't work.  You can't just invent syntax and have it work.

  See "man unlang" for unlang documentation.  See the LDAP module config for 
what the LDAP module accepts.

  Alan DeKok.
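
One way to express the per-realm base DN in real unlang with a single ldap instance, added here as an example and not taken from the thread or from the FreeRADIUS project. It assumes FreeRADIUS v3, that the `suffix` realm module sets `&Realm` for realms defined locally in proxy.conf, and that the ldap module expands `user.base_dn` at run time; `Tmp-String-0` is used only as a scratch attribute.

```conf
# sites-enabled/default (repeat in sites-enabled/inner-tunnel)
# Added example; attribute choice and layout are assumptions.
authorize {
    suffix      # assumed to populate &Realm from "user@realm"

    # Map each known realm to a fixed base DN. The DN is chosen from
    # a closed list and is never built from the user-supplied realm
    # string, so a crafted realm cannot alter the LDAP search base.
    switch &Realm {
        case "A.com" {
            update control {
                &Tmp-String-0 := "ou=people,dc=A,dc=com"
            }
        }
        case "B.com" {
            update control {
                &Tmp-String-0 := "ou=people,dc=B,dc=com"
            }
        }
        case "C.com" {
            update control {
                &Tmp-String-0 := "ou=people,dc=C,dc=com"
            }
        }
        case {
            # Any other realm: refuse instead of searching a default tree.
            reject
        }
    }

    ldap
}

# mods-available/ldap: a single instance; other settings unchanged
ldap {
    user {
        # Expanded per request from the value set in authorize above.
        base_dn = "%{control:Tmp-String-0}"
    }
}
```

Running the server with `radiusd -X` shows the expanded base DN in each LDAP search, which confirms that every realm lands in its own subtree.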



