Understanding dynamic radiusClients in openldap

Dave Macias davama at gmail.com
Fri Feb 4 17:13:48 UTC 2022


Update:

Added LDIF client as so:

dn: cn=xxx:xx:x:x:x:xxff:fe57:cd00,ou=clients,ou=radius,dc=datacom,dc=net
objectClass: top
objectClass: radiusClient
objectClass: ipHost
cn: xxx:xx:x:x:x:xxff:fe57:cd00
ipHostNumber: xxx:xx:x:x:x:xxff:fe57:cd00
radiusClientShortname: location1
radiusClientIdentifier: my-nas-name
radiusClientSecret: mysecret

Not a fan of the repeated IP but just testing for now.
Next will be making it work as a dynamic client, but that's a separate
thread.

Thank you again for the awesome support!

Best,
Dave


On Thu, Feb 3, 2022 at 3:52 PM Dave Macias <davama at gmail.com> wrote:

> Thank you both for the quick responses!!
>
> master vs v3.X noted!
>
>> Object class radiusClient is not defined to allow attribute 'cn'. You
>> probably want to combine that with another AUXILIARY object class
>
>
> Good point!
>
>> I can only guess what 'cn' is supposed to store in your example. An IPv6
>> address? Or MAC address?
>>
>
> The ipv6 address, since if using flat files for dynamic clients, the file
> should be the <ipv6>.conf to my understanding...
> So I supposed since my clients will be defined in ldap, it should be
> cn=<ipv6> because I see this in the dynamic-clients file:
> https://github.com/FreeRADIUS/freeradius-server/blob/4f78232d924261dc0374f7532d6475bafe6cc849/raddb/sites-available/dynamic-clients#L199
>
>
>> Depending on your particular needs combining radiusClient with AUXILIARY
>> object class(es) ipHost and/or ieee802Device might be what you're
>> looking for. Look at the MUST attributes of those object classes though.
>>
>
> I'll give this a try. Appreciate the input!
>
>
>> Ciao, Michael.
>>
>> P.S.: A schema-aware LDAP client with decent schema browser might lead
>> you more quickly into the right direction. Being the author of
>> https://www.web2ldap.de/ I'm biased of course.
>>
>>
> Ha! This is very interesting.
>
> Thank you Alan and Michael again for the input!
>
> I will report back for posterity
>
> Best,
> Dave
>
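
The object-class point discussed in this thread, as an added example that is not part of the original messages or of FreeRADIUS: a simplified check of which attributes an entry's object classes require and allow. The MUST/MAY sets for radiusClient are an assumed subset, the function names are hypothetical, and the entries (2001:db8::1, dc=example,dc=org, the secret) are constructed.

```python
# Added example: simplified object-class check for the kind of entry in this thread.
# MUST/MAY sets are assumptions; read the real ones from your server's subschema.
SCHEMA = {
    "top": {"must": {"objectClass"}, "may": set()},
    # Assumed subset; the thread only establishes that 'cn' is not allowed.
    "radiusClient": {"must": {"radiusClientIdentifier", "radiusClientSecret"},
                     "may": {"radiusClientShortname"}},
    # RFC 2307 ipHost: MUST ( cn $ ipHostNumber )
    "ipHost": {"must": {"cn", "ipHostNumber"},
               "may": {"l", "description", "manager"}},
}

# Constructed sample entries (documentation IPv6 prefix, placeholder secret).
BEFORE = """\
dn: cn=2001:db8::1,ou=clients,ou=radius,dc=example,dc=org
objectClass: top
objectClass: radiusClient
cn: 2001:db8::1
radiusClientIdentifier: my-nas-name
radiusClientSecret: placeholder-secret
"""
AFTER = BEFORE + "objectClass: ipHost\nipHostNumber: 2001:db8::1\n"

def parse_ldif_entry(text):
    """Parse one unfolded, non-base64 LDIF entry into (dn, {attr: [values]})."""
    dn, attrs = None, {}
    for line in text.strip().splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        # Split on the first ':' only, so IPv6 values keep their colons.
        name, _, value = line.partition(":")
        name, value = name.strip(), value.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return dn, attrs

def check_entry(attrs, schema=SCHEMA):
    """Return (missing MUST, attributes not allowed, unknown classes), lowercased."""
    present = {a.lower() for a in attrs}
    must, allowed, unknown = set(), set(), []
    for oc in attrs.get("objectClass", []):
        if oc not in schema:
            unknown.append(oc)
            continue
        must |= {a.lower() for a in schema[oc]["must"]}
        allowed |= {a.lower() for a in schema[oc]["must"] | schema[oc]["may"]}
    return sorted(must - present), sorted(present - allowed), sorted(unknown)

if __name__ == "__main__":
    for label, text in (("radiusClient only", BEFORE), ("with ipHost", AFTER)):
        print(label, check_entry(parse_ldif_entry(text)[1]))
```

A directory server performs further checks (structural class rules, syntaxes, naming attributes) that this sketch does not model.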