RADIUS-LDAPv3.schema attribute description(s)

Kostas Kalevras kkalev at noc.ntua.gr
Fri Sep 14 12:14:07 CEST 2007 

O/H Turbo Fredriksson έγραψε:
> Quoting Turbo Fredriksson <turbo at dagdrivarn.se>:
>
>   
>> Is there any documentation of the attributes in the LDAP
>> schema?
>>
>> I'm trying to write a GUI manager for RADIUS (actually a
>> 'plugin' to my http://phpQLAdmin.com) but I don't know
>> how to write the lead text to the form...
>>     
>
> Cross referencing with the ldap.attrmap, I managed to make
> the following patch. But a DESCription like:
>
>     DESC 'replyItem: Reply-Message'
>
> for the LDAP attribute 'radiusReplyMessage', it kind'a sucks.
> Maybe there's better documentation for the RADIUS attribute.
> I'll check...
>
>
> But that still leaves no mapping for the following RADIUS
> attributes:
>
>   dialupAccess
>   
See doc/rlm_ldap

>   radiusArapFeatures
>   radiusArapSecurity
>   radiusArapZoneAccess
>   radiusClientIPAddress
>   
Maped to Client-IP-Address, could be used to only allow access to 
specific client-ip-address for a user

>   radiusGroupName
>   radiusHint
>   
Hint attribute

>   radiusHuntgroupName
>   
Huntgroups

>   radiusLoginTime
>   
The Login-Time attribute used by the corresponding module

>   radiusPasswordRetry
>   radiusProfileDn
>   

Used for ldap radius regular profiles. See doc/rlm_ldap

>   radiusPrompt
>   radiusProxyToRealm
>   
Proxy-To-Realm. I think this attribute is deprecated.

>   radiusRealm
>   
Realm attribute.

>   radiusReplicateToRealm
>   
Replicate-To-Realm. Again I think this attribute is deprecated.

>   radiusStripUserName
>   radiusTunnelAssignmentId
>   radiusTunnelClientEndpoint
>   radiusTunnelMediumType
>   radiusTunnelPassword
>   radiusTunnelPreference
>   radiusTunnelPrivateGroupId
>   radiusTunnelServerEndpoint
>   radiusTunnelType
>   radiusUserCategory
>   radiusVSA
>
> At least, they are'nt referenced in ldap.attrmap. Oversight, are these
> LDAP attributes deprecated (or not implemented)?
>
> One I recognize is 'radiusRealm'. Must be the RADIUS attribute 'Realm',
> right? Shouldn't that be in ldap.attrmap?
>
>
> If someone could finish the line(s) above ({reply,check}Item) and the
> corresponding RADIUS attribute, I'm happy to produce a good patch for
> this...
>
>   
> ------------------------------------------------------------------------
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-- 
Kostas Kalevras - Network Operations Center
National Technical University of Athens
http://kkalev.wordpress.com

More information about the Freeradius-Users mailing list