FR 3.0 with eDir

Olivier Beytrison olivier at heliosnet.org
Mon Dec 16 08:23:59 CET 2013


On 16.12.2013 07:53, Hubert Kupper wrote:
> Hello,
> 
> we have version 8.8 running too. How is your ldap config?
> 
Nothing really special in the config. Almost a vanilla one (except an
update {} block that I have removed here).

ldap {
   server = "my-ldap-server"
   port = 636
   identity = "cn=admin"
   password = xxxxxxxxxx
   base_dn = "ou=people,o=org"
   edir = yes
   edir_autz = yes
   user {
      base_dn = "${..base_dn}"
      filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
   }
   group {
      base_dn = "${..base_dn}"
      filter = "(objectClass=posixGroup)"
      membership_attribute = "memberOf"
   }
   profile {
   }
   client {
      base_dn = "${..base_dn}"
      filter = '(objectClass=frClient)'
      attribute {
         identifier = 'frClientIdentifier'
         secret = 'frClientSecret'
      }
   }
   accounting {
      reference = "%{tolower:type.%{Acct-Status-Type}}"
      type {
         start {
            update {
               description := "Online at %S"
            }
         }
         interim-update {
            update {
               description := "Last seen at %S"
            }
         }
         stop {
            update {
               description := "Offline at %S"
            }
         }
      }
   }
   post-auth {
      update {
         description := "Authenticated at %S"
      }
   }
   options {
      chase_referrals = yes
      rebind = yes
      timeout = 10
      timelimit = 3
      net_timeout = 1
      idle = 60
      probes = 3
      interval = 3
      ldap_debug = 0x0028
   }
   tls {
   }
   pool {
      start = 5
      min = 4
      max = 10
      spare = 3
      uses = 0
      lifetime = 0
      idle_timeout = 60
   }
}

-- 

 Olivier Beytrison
 Network & Security Engineer, HES-SO Fribourg
 Mail: olivier at heliosnet.org

