Multi-valued LDAP attribute configuration

Srinivasa R srinivasa.r at icts.res.in
Tue Sep 12 15:21:45 CEST 2017


On Tue, Sep 12, 2017 at 6:43 PM, Alan DeKok <aland at deployingradius.com>
wrote:

> On Sep 12, 2017, at 9:00 AM, Srinivasa R <srinivasa.r at icts.res.in> wrote:
> >
> > I have installed FreeRADIUS server (Version 3.0.4)
>
>   I would suggest upgrading to 3.0.15.
>
Sure, I will upgrade it.


>
> > on Cent 7 OS and
> > configured the external authentication with 389-DS server using rlm_ldap
> > module. I would like to authenticate the mac address of all the user
> which
> > I have stored in LDAP. The macaddress field in LDAP is a multi value
> > attribute and the Freeraiud is communicating with LDAP without any
> issues,
> > but the freeradius is authenticating only the first macaddress value from
> > LDAP's multi value field.
>
>   That's how it works, unfortunately...
>
> > I would like to configure the Freeradius to authenticate all the values
> > from multi value filed.
>
>   What does that mean?  To allow any of those MAC addresses to be used?
>

I mean, I am storing 3 different macaddresses (like laptop, tab, & phone)
in a single LDAP attribute (multiple value). I want Freerdaius to check all
these 3 values from the LDAP before it send "Access-Accept" or
"Access-Reject" message.


> > Someone suggested that we can configure this using
> > rlm_python or rlm_perl module. I am not a coder and I am not able to find
> > any step by guide to configure the same. Could someone guide me on how to
> > configure the Freeradius to authenticate Multi-valued LDAP attribute?
>
>   FreeRADIUS doesn't support multivalued attributes like that.
>
>   Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html



Regards,

-- 

Srinivas R


More information about the Freeradius-Users mailing list