Arbitrary attributes for dynamic clients
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Tue Oct 21 00:07:51 CEST 2014
> On 13 Oct 2014, at 10:27, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
>
>
> On 9 Oct 2014, at 22:17, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
>
>> In latest v3.0.x HEAD the server will now process all attributes in the control list
>> when creating dynamic clients.
>>
>> Attributes that are not consumed filling in the fields of the client, will be added as
>> config items which can be accessed using the "%{client:}" xlat.
>
> Equivalent changes made for rlm_ldap.

The rlm_ldap module now supports nested sections in clients.

    #
    #  Bulk load clients from the directory
    #
    client {
        #  Where to start searching in the tree for clients
        base_dn = "${..base_dn}"

        #
        #  Filter to match client objects
        #
        filter = '(objectClass=radiusClient)'

        #  Search scope, may be 'base', 'one', 'sub' or 'children'
    #   scope = 'sub'

        #
        #  Client attribute mappings are in the format:
        #      <client attribute> = <ldap attribute>
        #
        #  The following attributes are required:
        #    * ipaddr | ipv4addr | ipv6addr - Client IP Address.
        #    * secret - RADIUS shared secret.
        #
        #  All other attributes usually supported in a client
        #  definition are also supported here.
        #
        #  Schemas are available in doc/schemas/ldap for openldap and eDirectory
        #
        attribute {
            ipaddr                          = 'radiusClientIdentifier'
            secret                          = 'radiusClientSecret'
    #       shortname                       = 'radiusClientShortname'
    #       nas_type                        = 'radiusClientType'
    #       virtual_server                  = 'radiusClientVirtualServer'
    #       require_message_authenticator   = 'radiusClientRequireMa'

    #       limit {
    #           max_connections = 'radiusClientMaxConnections'
    #           lifetime        = 'radiusClientLifetime'
    #           idle_timeout    = 'radiusClientIdleTimeout'
    #       }
        }
    }

I've not defined the new schema attributes yet, probably tomorrow.
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
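
An added example, not part of the original post and not FreeRADIUS code: a pre-load check that applies the posted mapping format, nested limit section included, to directory entries and reports the ones missing the required address or secret. The entries and DNs are constructed, and treating a multi-valued attribute as a problem is an assumption of this sketch, not documented server behaviour.

```python
# Mapping from the posted config: <client attribute> = <ldap attribute>.
# A nested dict stands for a nested section such as limit { ... }.
MAPPING = {
    "ipaddr": "radiusClientIdentifier",
    "secret": "radiusClientSecret",
    "shortname": "radiusClientShortname",
    "limit": {
        "max_connections": "radiusClientMaxConnections",
        "lifetime": "radiusClientLifetime",
        "idle_timeout": "radiusClientIdleTimeout",
    },
}
ADDRESS_KEYS = ("ipaddr", "ipv4addr", "ipv6addr")


def build_client(entry, mapping=MAPPING, path=""):
    """Map one LDAP entry ({attr: [values]}) to (client dict, problems)."""
    client, problems = {}, []
    for key, target in mapping.items():
        if isinstance(target, dict):  # nested section: recurse
            section, sub = build_client(entry, target, path + key + ".")
            problems += sub
            if section:
                client[key] = section
            continue
        values = entry.get(target, [])
        if len(values) > 1:  # assumption: ambiguous, so flag it
            problems.append(f"{path}{key}: {target} has {len(values)} values")
        elif values:
            client[key] = values[0]
    return client, problems


def check_entry(entry, mapping=MAPPING):
    """Add the required-attribute checks stated in the config comments."""
    client, problems = build_client(entry, mapping)
    if not any(k in client for k in ADDRESS_KEYS):
        problems.append("no ipaddr | ipv4addr | ipv6addr")
    if "secret" not in client:
        problems.append("no secret")
    return client, problems


# Constructed sample entries (not from a real directory).
NAS1 = {"radiusClientIdentifier": ["192.0.2.10"],
        "radiusClientSecret": ["constructed-secret"],
        "radiusClientLifetime": ["3600"]}
NAS2 = {"radiusClientIdentifier": ["192.0.2.11"],
        "radiusClientIdleTimeout": ["30", "60"]}
```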