FreeRADIUS 3 LDAP Questions

[Arran Cudbard-Bell]

On 26 Nov 2013, at 06:56, Hachmer, Tobias <Tobias.Hachmer at stadt-frankfurt.de> wrote:

> Hello list members,
>  
> I am migrating here from FreeRADIUS v2 to v3 and have some questions regarding the ldap module.
>  
> As I understand everyone has to do the LDAP Attribute Mapping manually:
> -       It would be much easier if the old ldap.attrmap would be translated already, maybe commented.

Feel free to write a perl script to translate it into an update stanza.

> -       All checkItems have to defined with “control: … := …”?

or request: or reply: and it will default to request.

>  
> valuepair_attribute
> -       Can I define multiple valuepair attributes? I just want radiusCheckItem and radiusReplyItem

No, and they wouldn't operate how you expect anyway. They would both go into the request list.
Again, a migration script might be useful.

> By default there are no hardcoded attribute mappings?

Correct. Though LDAP-User-DN will usually be populated.
 
> Our servers here just asking a read-only ldap server. The new accounting options of the ldap module need to write to ldap.
> -       Would it be sufficient just to comment the whole accounting and post-auth section if we do not need them?

Correct, or, just don't list LDAP in Post-Auth or Accounting...

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team