Again: clients.conf storage in ldap

Phil Mayers p.mayers at
Fri Dec 3 15:13:04 CET 2010

On 03/12/10 13:52, Michal Bruncko wrote:
> Hello list,
> I have found one old discussion in freeradius maillist about storing
> RADIUS clients definitions in LDAP.
> That discussion is from date 23 Nov 2004 and is in following link:
> I want to ask what is the status of integrating clients.conf in LDAP
> storage now, four years later from that discussion?
> This integration is interesting and makes the configuration more
> centralized.

FreeRadius 2 has support for dynamic clients; with that I guess the 
"ldap" module can be used to reply to the dynamic client queries with 
"xlat" values or (with a 2nd instance and custom ldap.attrmap) read them 
wholesale out of LDAP.

For example:

modules {
   ldap ldap_clients {
     ... ldap config

     dictionary_mapping = ldap.attrmap_clients
     base = ...
     filter = (radiusClientIP=%{Packet-Src-IP-Address})


client dynamic {
   ipaddr =
   netmask = 16
   dynamic_client = dyn_clients_ldap
   lifetime = 3600

server dyn_clients_ldap {
   authorize {

...and in ldap.attrmap_clients:

checkItem FreeRADIUS-Client-Secret     radiusClientSecret
checkItem FreeRADIUS-Client-IP-Address radiusClientIP
checkItem FreeRADIUS-Client-Shortname  cn

...obviously modify for your LDAP schema.

More information about the Freeradius-Users mailing list