Upgrading from FreeRadius 2 to 3. Some pointers.
jan hugo prins
jhp at jhprins.org
Wed Sep 20 23:51:32 CEST 2017
Hello,
I need to migrate my configuration from FreeRadius 2 to FreeRadius 3 and
I would like some quick pointers.
In my version 2 cauthorize {
onfig I have the following construct:
authorize {
.
.
.
.
if ( Realm == "aaa.com" ) {
ldap_aaa
}
if ( Realm == "bbb.com" ) {
ldap_bbb
}
.
.
.
}
In modules/ldap
ldap ldap_aaa {
server = "ldap.domain.local"
basedn = "ou=aaa,dc=bedrijf,dc=com"
filter = "(mailLocalAddress=%{User-Name})"
groupname_attribute = cn
groupmembership_filter =
"(&(objectClass=posixGroup)(memberUid=%{Stripped-User-Name}))"
ldap_connections_number = 5
timeout = 4
timelimit = 3
net_timeout = 1
tls {
start_tls = no
}
dictionary_mapping = ${confdir}/ldap.attrmap
edir_account_policy_check = no
}
ldap ldap_bbb {
server = "ldap.domain.local"
basedn = "ou=bbb,dc=bedrijf,dc=com"
filter = "(mailLocalAddress=%{User-Name})"
groupname_attribute = cn
groupmembership_filter =
"(&(objectClass=posixGroup)(memberUid=%{Stripped-User-Name}))"
ldap_connections_number = 5
timeout = 4
timelimit = 3
net_timeout = 1
tls {
start_tls = no
}
dictionary_mapping = ${confdir}/ldap.attrmap
edir_account_policy_check = no
}
This works fine in FreeRadius 2, but in FreeRadius 3 I get an error on
the if construct in the authorize section.
The only difference between the 2 ldap parts is the basedn. How can I
make this construct work in FreeRadius 3?
Can I do something like this?
ldap {
server = "ldap.domain.local"
if ( Realm == "aaa.com" ) {
basedn = "ou=aaa,dc=bedrijf,dc=com"
}
if ( Realm == "bbb.com" ) {
basedn = "ou=bbb,dc=bedrijf,dc=com"
}
filter = "(mailLocalAddress=%{User-Name})"
groupname_attribute = cn
groupmembership_filter =
"(&(objectClass=posixGroup)(memberUid=%{Stripped-User-Name}))"
ldap_connections_number = 5
timeout = 4
timelimit = 3
net_timeout = 1
tls {
start_tls = no
}
dictionary_mapping = ${confdir}/ldap.attrmap
edir_account_policy_check = no
}
Jan Hugo Prins
More information about the Freeradius-Users
mailing list