ldap backend and Realm

Mustapha Bouikhif Mustapha.Bouikhif at cnrs-gif.fr
Mon Nov 17 12:31:22 CET 2008


tnt at kalik.net wrote:
>> My radius server is used to authenticate users from different realms 
>> (let's say 8) against one ldap server.
>> My ldap server has 8 different basedn which hold users from the realms.
>> I want to use unlang to configure radiusd to use a specific ldap module 
>> configuration based on the realm of the user connected to the wireless 
>> network.
>> Can I use unlang with (switch %{Realm} statement) to do so?
>>     
>
> Yes. If you can put %{Realm} into your basedn configuration line you
> might not need to.
>
> Ivan Kalik
> Kalik informatika ISP
>
Thanks Ivan, but I cannot put the Realm variable in my basedn configuration 
line.
I use unlang; here is my configuration in radiusd.conf:

modules {

..............

ldap
            switch "%{Realm}" {
            case dr4.cnrs.fr  {
            server = "ldapauth.cnrs-gif.fr"
            identity = "uid=Manager,ou=people,dc=dr4,dc=cnrs,dc=fr"
            password = xxxxx
            basedn = "ou=people,dc=dr4,dc=cnrs,dc=fr"
            filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
            base_filter = "(objectclass=radiusprofile)"

          .....
          }

        case lsce.ipsl.fr {
            server = "ldapauth.cnrs-gif.fr"
            identity = "uid=Manager,ou=people,dc=lsce,dc=ipsl,dc=fr"
            password = regif2
            basedn = "ou=people,dc=lsce,dc=ipsl,dc=fr"
            filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
            base_filter = "(objectclass=radiusprofile)"
          ........
           }

case {
            server = "ldapauth.cnrs-gif.fr"
            identity = "uid=Manager,ou=people,dc=dr4,dc=cnrs,dc=fr"
            password = regif2
            basedn = "ou=people,dc=dr4,dc=cnrs,dc=fr"
            filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
            base_filter = "(objectclass=radiusprofile)"

          ...........
          }

authorize {
......



ldap
......
}

But when I restarted radiusd, it showed errors initializing modules -ldap-.
What am I doing wrong?

Thanks for any clues.


-- 
Mustapha BOUIKHIF
Service Systèmes d'Information
CNRS - DR4 

tel: +33 1 69 82 33 97
fax: +33 1 69 82 33 39
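
An added example, not part of the original post or the FreeRADIUS project's own files: unlang statements such as switch are evaluated in processing sections like authorize, not inside modules { }, so one way to get per-realm LDAP settings is to define one named ldap instance per base DN and choose between them in authorize. The instance names ldap_dr4 and ldap_lsce are hypothetical, the passwords are placeholders, and the realm module is assumed to be the stock suffix instance running before the switch.

```conf
# Added example. Instance names (ldap_dr4, ldap_lsce) are hypothetical.
modules {
    # One named instance of the ldap module per base DN.
    ldap ldap_dr4 {
        server = "ldapauth.cnrs-gif.fr"
        identity = "uid=Manager,ou=people,dc=dr4,dc=cnrs,dc=fr"
        # Placeholder: use the real bind password here.
        password = "CHANGE_ME"
        basedn = "ou=people,dc=dr4,dc=cnrs,dc=fr"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        base_filter = "(objectclass=radiusprofile)"
    }

    ldap ldap_lsce {
        server = "ldapauth.cnrs-gif.fr"
        identity = "uid=Manager,ou=people,dc=lsce,dc=ipsl,dc=fr"
        # Placeholder: use the real bind password here.
        password = "CHANGE_ME"
        basedn = "ou=people,dc=lsce,dc=ipsl,dc=fr"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        base_filter = "(objectclass=radiusprofile)"
    }
}

authorize {
    # Assumed: the realm module instance that sets Realm and
    # Stripped-User-Name from user@realm.
    suffix

    # Pick the LDAP instance that matches the user's realm.
    switch "%{Realm}" {
        case "dr4.cnrs.fr" {
            ldap_dr4
        }
        case "lsce.ipsl.fr" {
            ldap_lsce
        }
        # Default: same directory as the default case in the post.
        case {
            ldap_dr4
        }
    }
}
```

Running radiusd -X shows each instance being loaded at startup and which case is taken for a given request.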