Getting LDAP reply parameters
Chinnapaiyan, Nagamani
Nagamani.Chinnapaiyan at viasat.com
Mon Nov 18 16:46:44 CET 2019
Hi,

I am using FreeRADIUS version 4.x (for DHCP) and I am trying to use the LDAP module. It seems LDAP authentication is successful and the query is also successful. But I could not get the reply attributes from LDAP into FreeRADIUS attributes.

LDAP module config:

Ldap {
    ...
    update {
        &reply:Reply-Message += 'DN'
        &reply:Reply-Message += 'dn'
        &reply:DHCP-Vendor += 'utConfig'
        &control: += 'radiusControlAttribute'
        &request: += 'radiusRequestAttribute'
        &reply: += 'radiusReplyAttribute'
    }
    ...
}

FreeRADIUS DHCP site config:

recv DHCP-Discover {
    ...
    ldap
    "%{reply:Reply-Message}"
    "%{reply:DHCP-Vendor}"
    ...
}

radiusd -X output:

...
Instantiating module "ldap"
rlm_ldap (ldap) - Couldn't find configuration for accounting, will return NOOP for calls from this section
post-auth {
reference = "."
}
rlm_ldap (ldap) - Initialising connection pool
pool {
start = 4
min = 4
max = 4
max_pending = 0
spare = 1
uses = 0
lifetime = 0
cleanup_interval = 30
idle_timeout = 60
connect_timeout = 3
held_trigger_min = 0
held_trigger_max = 0.5
retry_delay = 30
spread = no
}
rlm_ldap (ldap) - Ignoring "spare = 1", forcing to "spare = 0"
rlm_ldap (ldap) - Opening additional connection (0), 1 of 4 pending slots used
rlm_ldap (ldap) - Waiting for bind result...
rlm_ldap (ldap) - Bind successful
rlm_ldap (ldap) - Performing search in "" with filter "(objectclass=*)", scope "base"
rlm_ldap (ldap) - Waiting for search result...
rlm_ldap (ldap) - Directory type: OpenLDAP
rlm_ldap (ldap) - Opening additional connection (1), 1 of 3 pending slots used
rlm_ldap (ldap) - Waiting for bind result...
rlm_ldap (ldap) - Bind successful
rlm_ldap (ldap) - Performing search in "" with filter "(objectclass=*)", scope "base"
rlm_ldap (ldap) - Waiting for search result...
rlm_ldap (ldap) - Directory type: OpenLDAP
rlm_ldap (ldap) - Opening additional connection (2), 1 of 2 pending slots used
rlm_ldap (ldap) - Waiting for bind result...
rlm_ldap (ldap) - Bind successful
rlm_ldap (ldap) - Performing search in "" with filter "(objectclass=*)", scope "base"
rlm_ldap (ldap) - Waiting for search result...
rlm_ldap (ldap) - Directory type: OpenLDAP
rlm_ldap (ldap) - Opening additional connection (3), 1 of 1 pending slots used
rlm_ldap (ldap) - Waiting for bind result...
rlm_ldap (ldap) - Bind successful
rlm_ldap (ldap) - Performing search in "" with filter "(objectclass=*)", scope "base"
rlm_ldap (ldap) - Waiting for search result...
rlm_ldap (ldap) - Directory type: OpenLDAP
...
(0) Received DHCP-Discover XID 8119ade4 from 127.0.0.1:6768 to 127.0.0.1:6767 via lo
...
(0) ldap - EXPAND .
(0) ldap - --> .
(0) ldap - EXPAND Authenticated at %S
(0) ldap - --> Authenticated at 2019-11-18 15:28:14
(0) ldap - Reserved connection (0)
(0) ldap - Performing search in "dc=viasat,dc=com" with filter "(cn=1,6,00:a0:bc:6c:7d:00)", scope "sub"
(0) ldap - Waiting for search result...
(0) ldap - User object found at DN "cn=1\,6\,00:A0:BC:6C:7D:00,dc=viasat,dc=com"
(0) ldap - Modifying object with DN "cn=1\,6\,00:A0:BC:6C:7D:00,dc=viasat,dc=com"
(0) ldap - Waiting for modify result...
(0) ldap - Released connection (0)
(0) ldap (ok)
(0) EXPAND %{reply:Reply-Message}
(0) --> (null)
(0) EXPAND %{reply:DHCP-Vendor}
(0) --> (null)
...
I could not get the "dn" attribute into "reply:Reply-Message".
Regards,
Nagamani Chinnapaiyan