FreeRADIUS, OpenLDAP and F5 VSAs

Ajinkya Fotedar ajinkyafotedar at gmail.com
Fri May 23 14:40:59 CEST 2014


Worked like a charm. Thank you so much, Olivier!


On Thu, May 22, 2014 at 1:28 AM, Olivier Beytrison <olivier at heliosnet.org> wrote:

> On 21.05.2014 21:41, Ajinkya Fotedar wrote:
>
>> (0) ldap : reply:F5-LTM-User-Info-1 := 'F5-LTM-User-Info-1+=\"R&D\"'
>> (0) ldap : reply:F5-LTM-User-Info-1 := 'F5-LTM-User-Partition+=\"RnD\"'
>> (0) ldap : reply:F5-LTM-User-Info-1 := 'F5-LTM-User-Role+=\"100\"'
>> (0) ldap : reply:F5-LTM-User-Info-1 := 'F5-LTM-User-Shell+=\"tmsh\"'
>>
>
> What's actually wrong in your config is this entry in the ldap update map:
>
> reply:F5-LTM-User-Info-1     :=  'radiusReplyItem'
>
> If you're using 3.0.x, you should actually use
> valuepair_attribute = "radiusReplyItem" in your ldap configuration
>
> and update your ldap entries to add the list:
>
>
> # R&D, Groups, F5, Configuration, NIS, vt
> dn: cn=R&D,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt
> cn: R&D
> description: Entiries for the R&D group user accounts
> member: uid=dawson,ou=People,ou=NIS,o=vt
> radiusReplyItem: reply:F5-LTM-User-Info-1+="R&D"
> radiusReplyItem: reply:F5-LTM-User-Partition+="RnD"
> radiusReplyItem: reply:F5-LTM-User-Role+=100
> radiusReplyItem: reply:F5-LTM-User-Shell+="tmsh"
>
> You could set in the update {} section
> reply: += 'radiusReplyItem' and this would also work, but this is provided
> for backward compatibility. I'll encourage you to rather use the new
> valuepair_attribute.
>
> For reference: https://github.com/FreeRADIUS/freeradius-server/blob/master/raddb/mods-available/ldap#L27
>
> Olivier
> --
>  Olivier Beytrison
>  Network & Security Engineer, HES-SO Fribourg
>  Mail: olivier at heliosnet.org


More information about the Freeradius-Users mailing list
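
An added example (not part of either post, and not FreeRADIUS code): values stored under the attribute named by valuepair_attribute become RADIUS reply attributes that set F5 roles and shells, so it helps to lint them before they go into the directory. The grammar below is a simplified model of the `<attr> <op> <value>` form used in the thread; the allow-lists, the function names and the last three sample lines are assumptions made for illustration.

```python
import re

# Assumed policy for this example: LDAP may only set these four reply
# attributes (the ones shown in the thread), with an explicit "reply:" list.
ALLOWED_LISTS = {"reply"}
ALLOWED_ATTRS = {"F5-LTM-User-Info-1", "F5-LTM-User-Partition",
                 "F5-LTM-User-Role", "F5-LTM-User-Shell"}

# Simplified grammar: [list:]Attribute <op> value, value quoted or bare.
PAIR_RE = re.compile(
    r'^\s*(?:(?P<list>[a-z]+):)?'
    r'(?P<attr>[A-Za-z0-9]+(?:-[A-Za-z0-9]+)*)\s*'
    r'(?P<op>:=|\+=|-=|=)\s*'
    r'(?P<value>"(?:[^"\\]|\\.)*"|[^\s"]+)\s*$')

def parse_pair(raw):
    """Split one value into (list, attr, op, value); ValueError if malformed."""
    m = PAIR_RE.match(raw)
    if not m:
        raise ValueError("not in '<attr> <op> <value>' form")
    value = m["value"]
    if value.startswith('"'):
        value = re.sub(r'\\(.)', r'\1', value[1:-1])  # unquote, unescape
    return m["list"], m["attr"], m["op"], value

def lint_ldif(ldif, attr_name="radiusReplyItem"):
    """Return [(line_number, problem)] for every suspicious value."""
    findings = []
    for n, line in enumerate(ldif.splitlines(), 1):
        name, sep, raw = line.partition(": ")
        if not sep or name.lower() != attr_name.lower():
            continue
        try:
            lst, attr, _op, _value = parse_pair(raw)
        except ValueError as exc:
            findings.append((n, str(exc)))
            continue
        if lst not in ALLOWED_LISTS:
            findings.append((n, f"list {lst!r} not allowed"))
        if attr not in ALLOWED_ATTRS:
            findings.append((n, f"attribute {attr!r} not allowed"))
    return findings

# Constructed sample: lines 1-3 follow the thread, lines 4-6 are made up.
SAMPLE = '''dn: cn=R&D,ou=Groups,ou=F5,ou=Configuration,ou=NIS,o=vt
radiusReplyItem: reply:F5-LTM-User-Info-1+="R&D"
radiusReplyItem: reply:F5-LTM-User-Role+=100
radiusReplyItem: F5-LTM-User-Shell+="tmsh"
radiusReplyItem: reply:Reply-Message += "hello"
radiusReplyItem: F5-LTM-User-Partition "RnD"
'''

if __name__ == "__main__":
    for n, problem in lint_ldif(SAMPLE):
        print(f"line {n}: {problem}")
```

Base64-encoded LDIF values (`attr:: ...`) and folded lines are outside what this sketch handles.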