Understanding dynamic radiusClients in openldap
Michael Ströder
michael at stroeder.com
Thu Feb 3 20:36:41 UTC 2022
On 2/3/22 20:57, Dave Macias wrote:
> I'm trying to create a client for a NAS in my ldap service
>
> dn: cn=xx:xx:xx:xxff:fe57:cd00,ou=clients,ou=radius,dc=datacom,dc=net
> objectClass: radiusClient
> cn: xx:xx:xx:xxff:fe57:cd00
> radiusClientShortname: location1
> radiusClientIdentifier: name-of-nas
> radiusClientSecret: asdfasdfasdfasdf123123asdf
>
> But I get:
> ldap_add: Object class violation (65)
> additional info: attribute 'cn' not allowed

Object class radiusClient is not defined to allow attribute 'cn'. You
probably want to combine that with another AUXILIARY object class.

I can only guess what 'cn' is supposed to store in your example. An IPv6
address? Or MAC address?

Depending on your particular needs combining radiusClient with AUXILIARY
object class(es) ipHost and/or ieee802Device might be what you're
looking for. Look at the MUST attributes of those object classes though.

Ciao, Michael.

P.S.: A schema-aware LDAP client with decent schema browser might lead
you more quickly into the right direction. Being the author of
https://www.web2ldap.de/ I'm biased of course.

P.P.S.: Doing something similar is on my Æ-DIR to-do list for quite a
while...
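
Added example, not part of the original message and not code from FreeRADIUS or OpenLDAP: a small offline check that reproduces the "attribute 'cn' not allowed" result and shows the MUST attribute that ipHost brings along. The ipHost and ieee802Device rules follow RFC 2307; the radiusClient attribute lists, the check_entry helper and the sample values are assumptions made for illustration.

```python
# Hand-typed, simplified object class rules (constructed for this example).
# ipHost and ieee802Device follow RFC 2307. The radiusClient lists are an
# assumption limited to the attributes used in the post; check the schema
# actually loaded on your server.
SCHEMA = {
    "radiusClient": {"must": ["radiusClientIdentifier", "radiusClientSecret"],
                     "may": ["radiusClientShortname"]},
    "ipHost": {"must": ["cn", "ipHostNumber"],
               "may": ["l", "description", "manager"]},
    "ieee802Device": {"must": [], "may": ["macAddress"]},
}


def check_entry(entry, schema=SCHEMA):
    """Return (not_allowed, missing_must) for the entry's combined classes."""
    must, may = {}, {}
    for oc in entry["objectClass"]:
        if oc not in schema:
            raise ValueError(f"object class {oc!r} is not in the example schema")
        must.update({a.lower(): a for a in schema[oc]["must"]})
        may.update({a.lower(): a for a in schema[oc]["may"]})
    present = {a.lower(): a for a in entry if a.lower() != "objectclass"}
    # Attribute names are case-insensitive in LDAP, so compare lowercased.
    not_allowed = sorted(n for k, n in present.items()
                         if k not in must and k not in may)
    missing = sorted(n for k, n in must.items() if k not in present)
    return not_allowed, missing


# The entry from the post as a dict; the secret is replaced by a placeholder.
POSTED = {
    "objectClass": ["radiusClient"],
    "cn": ["xx:xx:xx:xxff:fe57:cd00"],
    "radiusClientShortname": ["location1"],
    "radiusClientIdentifier": ["name-of-nas"],
    "radiusClientSecret": ["example-secret"],
}
# Adding ipHost allows cn but brings its own MUST attribute, ipHostNumber.
WITH_IPHOST = dict(POSTED, objectClass=["radiusClient", "ipHost"])
# 2001:db8::1 is a documentation address used as a placeholder value.
COMPLETE = dict(WITH_IPHOST, ipHostNumber=["2001:db8::1"])

if __name__ == "__main__":
    for name, entry in [("posted", POSTED), ("with ipHost", WITH_IPHOST),
                        ("complete", COMPLETE)]:
        print(name, check_entry(entry))
```

In this simplified model ieee802Device on its own still leaves 'cn' disallowed, because that class only adds the optional macAddress.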