Mapping ldap attribute with radius attribute...howto?
Eric Martell
workoutexcite at yahoo.com
Wed Apr 2 17:03:38 CEST 2008
Hi Alan,
Can you please reply to me about LDAP multiple attributes in the RADIUS reply response on this? It will be really appreciated.
>>
I searched the following thread for LDAP multiple attributes, but it did not have the right logic without changing data.
http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg19275.html
We do not control changes to the LDAP data, as it is legacy.
For LDAP multiple attributes I am getting ONLY the first value.
rlm_ldap: LDAP attribute roleid as RADIUS attribute rCidx = "111111"
rlm_ldap: LDAP attribute entitlements as RADIUS attribute rEntitlements = "test1"
rlm_ldap: LDAP attribute entitlements as RADIUS attribute rEntitlements = "test2"
rlm_ldap: LDAP attribute entitlements as RADIUS attribute rEntitlements = "test3"
rlm_ldap: LDAP attribute roleid as RADIUS attribute rCidx = "111111"
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
rlm_ldap: user 0014F846C199 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type Accept
rad_check_password: Auth-Type = Accept, accepting the user
Login OK: [0014F846C199/<via Auth-Type = Accept>] (from client samir port 0)
Sending Access-Accept of id 21 to 216.2.193.1 port 20070
rEntitlements = "test1"
rCidx = "111111"
>>>>>
Alan DeKok <aland at deployingradius.com> wrote:
Eric Martell wrote:
> I am using NTRadPing to test the authorization.
> I see in the log, radius attribute is mapped to ldap attribute and
> returning valid value
> rlm_ldap: LDAP attribute roleid as RADIUS attribute rCidx = "111111"
>
> but I did not see it in the Sending Access-Accept reply to NAS.
Attributes between 1 and 255 can go into a packet. Attributes greater
than that cannot go into a packet.
You will need to define a vendor-specific dictionary for your
attribute. See share/dictionary.*
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
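
Added illustration, not part of the original thread and not FreeRADIUS code: the one-octet type field behind the "1 to 255" limit in the quoted reply, and the Vendor-Specific (type 26) wrapping that a vendor dictionary attribute uses on the wire. The vendor ID 99999 and the vendor attribute numbers 1 and 2 are constructed placeholders; the values are the ones shown in the debug log above.

```python
import struct

VENDOR_SPECIFIC = 26        # RFC 2865 Vendor-Specific attribute type
EXAMPLE_VENDOR_ID = 99999   # constructed placeholder, not a real vendor number
RCIDX, RENTITLEMENTS = 1, 2 # hypothetical vendor attribute numbers

def encode_attr(attr_type, value):
    """Standard attribute: one-octet type, one-octet length, then the value."""
    if not 1 <= attr_type <= 255:
        raise ValueError(f"type {attr_type} does not fit the one-octet type field")
    if len(value) > 253:
        raise ValueError("value exceeds 253 octets")
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def encode_vsa(vendor_id, vendor_type, value):
    """Type 26 carrying a 4-octet vendor ID followed by a nested attribute."""
    inner = encode_attr(vendor_type, value)
    return encode_attr(VENDOR_SPECIFIC, struct.pack("!I", vendor_id) + inner)

def decode_attrs(data):
    """Split attribute bytes into (type, value) pairs, rejecting bad lengths."""
    attrs, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated attribute header")
        attr_type, length = data[pos], data[pos + 1]
        if length < 2 or pos + length > len(data):
            raise ValueError("bad attribute length")
        attrs.append((attr_type, data[pos + 2:pos + length]))
        pos += length
    return attrs

def decode_vsa(value):
    """Return (vendor_id, [(vendor_type, value), ...]) from a type 26 value."""
    if len(value) < 4:
        raise ValueError("VSA shorter than its vendor ID")
    return struct.unpack("!I", value[:4])[0], decode_attrs(value[4:])

def build_reply_attrs():
    """One VSA per value: a multi-valued attribute repeats on the wire."""
    out = encode_vsa(EXAMPLE_VENDOR_ID, RCIDX, b"111111")
    for entitlement in (b"test1", b"test2", b"test3"):  # values from the log
        out += encode_vsa(EXAMPLE_VENDOR_ID, RENTITLEMENTS, entitlement)
    return out

if __name__ == "__main__":
    for _, value in decode_attrs(build_reply_attrs()):
        print(decode_vsa(value))
```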