FR 3.0 with eDir
Olivier Beytrison
olivier at heliosnet.org
Mon Dec 16 08:23:59 CET 2013
On 16.12.2013 07:53, Hubert Kupper wrote:
> Hello,
>
> we have version 8.8 running too. How is your ldap config?
>
Nothing really special in the config. Almost a vanilla one (except an
update {} block that I have removed here)
# rlm_ldap module instance for FreeRADIUS 3.0 against Novell eDirectory, as posted
# (the poster says an update {} block was removed before posting).
ldap {
    server = "my-ldap-server"
    # 636 is the conventional LDAPS port. The tls {} section below is empty, so this
    # listing shows no CA file and no certificate-verification policy.
    # NOTE(review): confirm the server certificate is actually validated, e.g. with
    # ca_file / require_cert in tls {} or the system ldap.conf; otherwise the bind
    # password and retrieved user passwords are exposed to an on-path attacker.
    port = 636
    # Service account the module binds as; the password was redacted by the poster.
    # NOTE(review): the DN is admin-named. Presumably it only needs search rights on
    # base_dn, read access to Universal Password, and write access to 'description'.
    # Prefer a dedicated, narrowly scoped account over a directory administrator.
    identity = "cn=admin"
    password = xxxxxxxxxx
    base_dn = "ou=people,o=org"
    # edir = yes: retrieve the user's password through eDirectory Universal Password.
    # edir_autz = yes: additionally bind as the user after retrieval so eDirectory
    # account policy (expiry, lockout, grace logins) is applied.
    # Cleartext passwords cross this connection, hence the TLS note on 'port' above.
    edir = yes
    edir_autz = yes
    user {
        base_dn = "${..base_dn}"
        # Looks the user up by uid, preferring Stripped-User-Name and falling back to
        # User-Name. Both values originate from the client's request.
        # NOTE(review): rlm_ldap is expected to escape expansions used in filters;
        # confirm for the deployed version.
        filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
    }
    group {
        base_dn = "${..base_dn}"
        filter = "(objectClass=posixGroup)"
        membership_attribute = "memberOf"
    }
    profile {
    }
    # RADIUS client definitions are loaded from the directory; the shared secret is
    # read from the frClientSecret attribute.
    # NOTE(review): restrict read access on that attribute to the bind account, since
    # anyone who can read it can act as that NAS.
    client {
        base_dn = "${..base_dn}"
        filter = '(objectClass=frClient)'
        attribute {
            identifier = 'frClientIdentifier'
            secret = 'frClientSecret'
        }
    }
    # Accounting: 'reference' selects the type.<acct-status-type> subsection below
    # (lower-cased), and each one overwrites the user's 'description' attribute with
    # a status string. These writes are why the bind account needs write access.
    accounting {
        reference = "%{tolower:type.%{Acct-Status-Type}}"
        type {
            start {
                update {
                    description := "Online at %S"
                }
            }
            interim-update {
                update {
                    description := "Last seen at %S"
                }
            }
            stop {
                update {
                    description := "Offline at %S"
                }
            }
        }
    }
    # After a successful authentication, 'description' is overwritten with a status string.
    post-auth {
        update {
            description := "Authenticated at %S"
        }
    }
    options {
        # Referrals are followed, and rebind = yes re-binds on the referred server
        # with the identity/password above.
        # NOTE(review): the service credentials are therefore presented to whichever
        # host a referral names; make sure referral targets are trusted and also
        # reached over verified TLS, or disable chasing if referrals are not used.
        chase_referrals = yes
        rebind = yes
        # Query and network timeouts, in seconds.
        timeout = 10
        timelimit = 3
        net_timeout = 1
        # TCP keepalive tuning for the LDAP connections.
        idle = 60
        probes = 3
        interval = 3
        # Debug bitmask handed to the LDAP client library.
        ldap_debug = 0x0028
    }
    # Empty: no start_tls, CA or certificate-verification options are set here
    # (see the note on 'port').
    tls {
    }
    # Connection pool sizing. A value of 0 for 'uses' and 'lifetime' means no limit,
    # so connections are recycled only by idle_timeout.
    pool {
        start = 5
        min = 4
        max = 10
        spare = 3
        uses = 0
        lifetime = 0
        idle_timeout = 60
    }
}
--
Olivier Beytrison
Network & Security Engineer, HES-SO Fribourg
Mail: olivier at heliosnet.org