Username from LDAP in proxy request

Ivan Kalik tnt at kalik.net
Mon Aug 31 19:27:56 CEST 2009


> I'm looking for some help with proxying requests using free-radius.  I
> have
> a situation where I need to perform a query to an LDAP that contains
> both
> the back-end authentication server as well as username for a user.  For
> example, the User-Name in the originating request may be User1.
> FreeRADIUS
> then queries LDAP, which contains attributes called authenticationserver
> and
> authenticationuname.  The authenticationserver is where the request
> should
> be proxied to, and the authenticationuname is the User-Name that should
> be
> substituted for the original user-name in the proxy request.  I have the
> first part working, where I mapped authenticationservername to
> Proxy-To-Realm in the ldapmap file.  I also setup all the possible
> values as
> realms.  The server is now forwarding requests based on what it gets
> back in
> the LDAP query.  I'm stuck however at trying to substitute the User-Name
> from what is retrieved from LDAP.
> Anybody know anyway to do this?

Create a new attribute New-User-Name in raddb/dictionary. Map it to
authenticationuname in ldap.attrmap. Use unlang to replace User-Name with
it in pre-proxy section.

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list