LDAP check attributes

Antonio Matera antonio.matera at create-net.it
Wed May 17 10:06:35 CEST 2006

thanks a lot for your answer.
Your solution works fine but I don't understand some things:

1 - If I insert the Cisco-AVPair in the filter and I haven't this 
attribute in my ldap user, I can't authenticate it. Is it possible to 
check the ssid only if it is in the list of the ldap user attributes?

2 - With this solution the following row in the ldap.attrmap is not 

checkItem	Cisco-AVPair	radiusCiscoAVPair

whitout it the filter authentication works.
It is not possible to use the ldap.attrmap file to inser a check item?

In this file I have inserted 3 replyItem:

replyItem	Tunnel-Medium-Type	radiusTunnelMediumType
replyItem	Tunnel-Private-Group-Id	radiusTunnelPrivateGroupId
replyItem	Tunnel-Type		radiusTunnelType

if I insert these three attribute in my ldap user they work without 
other configuration. Why the checkItem doesn't work?

3 - the last question is a little different: if I insert in the user 
file this row:


the authentication doesn't work. It is normal or I have some mistakes in 
my configuration?

Thanks a lot
Bye Antonio

on 17/05/2006 9.02 ludovic cailleau said the following:
> Hi
> fillter = 
> "(&(uid=%{Stripped-User-Name:-%{User-Name}})(radiusCiscoAVpair=%{Cisco-AVPair}))"
> regards

More information about the Freeradius-Users mailing list