LDAP access configuration
Manuel Sánchez Cuenca
msc at dif.um.es
Wed May 23 09:40:42 CEST 2007
Hello all,

I have a scenario where a first radius server (R1) proxies the
authentication request to another radius server (R2). Later, when the
user is authenticated, R1 must access an LDAP server to recover some
network parameters, such as session-timeout or framed-ip-address, and
enforce them in the Access Point (AP). Currently, R1 is configured to
access the LDAP server using the user name as filter (filter =
"(uid=%{Stripped-User-Name:-%{User-Name}})" in radiusd.conf). My
question is: is it possible to configure this filter to use a radius
attribute received in the response from R2? I mean, R2 returns in the
response an attribute called attr1=val1, and then R1 must use this
attribute to search in the LDAP server (filter="(uid=%{attr1})" or
something similar?)

                                Internet
                               /
User -------- AP ---------- R1 -------- R2
                               \
                                LDAP

User         AP               R1                 LDAP                 R2
(authn req.)
------------------------------>--------------------------------------->
                                    (authn response + attr1=val1)
                              <----------------------------------------
                               (search uid=attr1)
                               ------------------>
                               (network params)
                               <------------------
                 (params)
             <----------------
  (Success)
<------------<----------------

Thanks in advance.
--
-----------------------------
Manuel Sanchez Cuenca
Departamento de Ingenieria de la Informacion y las Comunicaciones
Facultad de Informatica. Universidad de Murcia
Campus de Espinardo - 30080 Murcia (SPAIN)
Tel.: +34-968-364644 Fax: +34-968-364151
email: msc at dif.um.es | manuelsc at um.es
url: http://libra.inf.um.es/~lolo
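
The lookup described in the question, as an added example that is not part of the original post and is not FreeRADIUS code: a simplified Python model of expanding a `%{...}` filter template, with every attribute value escaped per RFC 4515 before it enters the LDAP filter. The attribute sets, the hostile `attr1` value and all function names are constructed for illustration; the example does not show how FreeRADIUS itself refers to attributes received from R2.

```python
# Added example: simplified model of %{...} expansion, not FreeRADIUS code.
# RFC 4515 section 3: these characters must be escaped inside a filter value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def _closing_brace(s, open_idx):
    """Index of the '}' that closes the '{' at open_idx, honouring nesting."""
    depth = 0
    for j in range(open_idx, len(s)):
        if s[j] == "{":
            depth += 1
        elif s[j] == "}":
            depth -= 1
            if depth == 0:
                return j
    raise ValueError("unbalanced %{...} in template")

def _resolve(body, attrs):
    """Expand 'Name' or 'Name:-default'; attribute values are always escaped."""
    name, has_default, default = body.partition(":-")
    value = attrs.get(name)
    if value:
        return escape_filter_value(value)
    if has_default:
        return expand(default, attrs)
    # Fail closed: never search with an empty or missing key.
    raise LookupError(f"attribute {name!r} not present, refusing to search")

def expand(template, attrs):
    out, i = [], 0
    while i < len(template):
        if template.startswith("%{", i):
            end = _closing_brace(template, i + 1)
            out.append(_resolve(template[i + 2:end], attrs))
            i = end + 1
        else:
            out.append(template[i])
            i += 1
    return "".join(out)

# Constructed attribute sets: what R1 holds once R2's response has arrived.
normal = {"User-Name": "alice@example.org", "Stripped-User-Name": "alice", "attr1": "val1"}
hostile = {"User-Name": "bob", "attr1": "*)(uid=*"}  # constructed value from an untrusted R2

if __name__ == "__main__":
    print(expand("(uid=%{Stripped-User-Name:-%{User-Name}})", normal))
    print(expand("(uid=%{attr1})", normal))
    print(expand("(uid=%{attr1})", hostile))
```

Because R2 sits in another administrative domain, the value it returns is untrusted input to R1's directory search; with escaping it can only ever match a literal uid.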