ldap checkitem

Nicolas Edel nicolas.edel at gmail.com
Wed Nov 5 11:18:34 CET 2014


On Tue, Nov 4, 2014 at 9:24 PM, Nicolas EDEL <nicolas.edel at gmail.com> wrote:
> On 11/04/14 15:45, Arran Cudbard-Bell wrote:
>>
>>> On 4 Nov 2014, at 02:41, Nicolas Edel <nicolas.edel at gmail.com> wrote:
>>>
>>> Hi list,
>>>
>>> I am working on upgrading my server using freeradius 2 to freeradius 3.
>>> The setup I am using makes use of an LDAP server to store users conf,
>>> and for some of them I'd like to use ldap authorization *and*
>>> authentication. That was done by both using an ldap.attrmap file on
>>> the radius side and setting the radiusAuthType parameter to LDAP into
>>> the directory.
>>> Now with freeradius 3, although the doc
>>
>>
>> Which doc?
>
> freeradius-server-3.0.4/doc/modules/ldap_howto.rst
>
>>> still refers to the
>>> dictionary_mapping parameter to load the ldap.attrmap file, it looks
>>> the latter is no longer loaded and the server complains the Auth-Type
>>> is not set (unless I force it in the autorize section). How is this
>>> supposed to work know ?
>>
>> Read the comments in mods-available/ldap
>>
>> https://github.com/FreeRADIUS/freeradius-server/blob/master/raddb/mods-available/ldap#L72
>
>
> Ok I'll do, having a more precise location to look at will help.
>

Ok, it works fine using control:Auth-Type

Another question though: the FreeRADIUS schema for OpenLDAP
(freeradius-server-3.0.4/doc/schemas/ldap/openldap/freeradius.schema)
no longer defines the radiusReplyItem object that used to have the
1.3.6.1.4.1.3317.4.3.1.60 oid.
Any idea of the reason why ?

Thanks,

:Nicolas


More information about the Freeradius-Users mailing list