LDAP Groups to Freeradius and then Ruckus Wireless?
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Mon May 26 15:16:45 CEST 2014
On 26 May 2014, at 10:53, Enrique Sainz Baixauli <enriquesainz.beca at intef.educacion.es> wrote:
>>>> You should be able to use the attrmap file to map memberOf or whatever
>>>> membership attribute you use to a reply attribute.
>>>
>>> So I included in /usr/share/freeradius/dictionary a new
>>> dictionary.ruckus file with vendor information for Ruckus that defines
>>> the attribute to be
>>> returned:
>>> [...]
>>> ATTRIBUTE Ruckus-User-Groups 1 string
>>> [...]
>>>
>>> And a new line in ldap.attrmap to reply that attribute:
>>> replyItem Ruckus-User-Groups member
>>>
>>> member being the groupmember_attribute set in modules/ldap, and also
>>> the attribute name in LDAP that makes membership effective.
>>> But the result is the same, no additional debug output in radiusd -XXX
>>> or when testing a user authentication with radtest. Am I doing
>>> anything wrong here?
>>
>> Nope, trace the LDAP conversation with wireshark and see what's being
>> requested and returned.
>>
>
> So I'm capturing the whole conversation but I can't see anything useful:
> there is a first searchRequest for the user being authenticated, then a
> successful searchResEntry with the user's DN

That should contain a request for the 'member' attribute. If it doesn't
there's an issue with your config, or a bug in that version of rlm_ldap.
My suggestion again is to try v3.0.3, or debug the v2.x.x code yourself.
It was weeks of effort to rewrite the rlm_ldap module for version v3.0.x,
it was done for a reason.
-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
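
Added example (not part of the original message and not FreeRADIUS code): one way to run the check suggested above, comparing the LDAP attributes mapped in ldap.attrmap with the attribute list seen in the captured searchRequest. The attrmap text and the captured attribute list are constructed samples; the function names are hypothetical, and the attribute list is assumed to have been copied by hand from the Wireshark dissection.

```python
# Added example: does the captured searchRequest ask for every LDAP
# attribute that ldap.attrmap maps? All sample data below is constructed.

def parse_attrmap(text):
    """Return (item_type, radius_attr, ldap_attr) tuples from attrmap text."""
    mappings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        # Layout: checkItem|replyItem <RADIUS attr> <LDAP attr> [operator]
        if len(fields) < 3 or fields[0] not in ("checkItem", "replyItem"):
            continue
        mappings.append((fields[0], fields[1], fields[2]))
    return mappings


def missing_from_request(mappings, requested_attrs):
    """Return the mappings whose LDAP attribute the searchRequest omits."""
    requested = {a.lower() for a in requested_attrs}  # names are case-insensitive
    # An empty list or "*" asks the server for all user attributes,
    # so nothing can be reported as missing in that case.
    if not requested or "*" in requested:
        return []
    return [m for m in mappings if m[2].lower() not in requested]


# Constructed sample in the ldap.attrmap layout quoted in the thread.
SAMPLE_ATTRMAP = """
# RADIUS attribute     LDAP attribute
checkItem   User-Password        userPassword
replyItem   Ruckus-User-Groups   member
"""

# Constructed sample: attribute names read from the searchRequest in the capture.
CAPTURED_ATTRS = ["userPassword", "radiusTunnelType"]

if __name__ == "__main__":
    for item, radius_attr, ldap_attr in missing_from_request(
            parse_attrmap(SAMPLE_ATTRMAP), CAPTURED_ATTRS):
        print(f"{item} {radius_attr}: '{ldap_attr}' not requested in searchRequest")
```
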