Understanding dynamic radiusClients in openldap

Arran Cudbard-Bell a.cudbardb at freeradius.org
Tue Feb 22 18:52:41 UTC 2022



> On Feb 22, 2022, at 1:30 PM, Michael Ströder via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> 
> On 2/22/22 19:23, Dave Macias wrote:
>>  if ("%{ldap:ldap:///ou=radius,dc=datacom,dc=net?cn?sub?(&(objectClass=radiusClient)(cn=%{Packet-Src-IPv6-Address}))}") {
>> update control {
>> &FreeRADIUS-Client-IPv6-Address = "%{Packet-Src-IPv6-Address}"
>> &FreeRADIUS-Client-Shortname = "%{ldap:ldap:///cn=%{Packet-Src-IPv6-Address},ou=clients,ou=radius,dc=datacom,dc=net?radiusClientShortname?}"
>> &FreeRADIUS-Client-Secret = "%{ldap:ldap:///cn=%{Packet-Src-IPv6-Address},ou=clients,ou=radius,dc=datacom,dc=net?radiusClientSecret?}"
>> }
>> }
> 
> Because I want to add RADIUS client management to my Æ-DIR I'd like to know how many LDAP search requests are caused by the above. Could you please have a look at your logs?

At least three.  It's better to use the map keyword... I think that made it into v3.0.x.

If it's there it'll be something like:

map ldap "%{ldap:///ou=radius,dc=datacom,dc=net?cn?sub?(&(objectClass=radiusClient)(cn=%{Packet-Src-IPv6-Address}))}" {
	&control:FreeRADIUS-Client-IPv6-Address = cn
	&control:FreeRADIUS-Client-Shortname = radiusClientShortname
	&control:FreeRADIUS-Client-Secret = radiusClientSecret
}

That picks out the fields from a single search result.

-Arran
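
The search count discussed in this thread, as an added example that is not part of the original messages: a Python script that finds every `%{ldap:...}` expansion in the quoted policy and splits each LDAP URL into base, attributes, scope and filter, since each expansion issues its own search when it is evaluated. It assumes the LDAP module instance is named `ldap` as in the quoted post; the function names are this example's own.

```python
# Policy text copied from the post quoted on this page.
POLICY = r'''
if ("%{ldap:ldap:///ou=radius,dc=datacom,dc=net?cn?sub?(&(objectClass=radiusClient)(cn=%{Packet-Src-IPv6-Address}))}") {
update control {
&FreeRADIUS-Client-IPv6-Address = "%{Packet-Src-IPv6-Address}"
&FreeRADIUS-Client-Shortname = "%{ldap:ldap:///cn=%{Packet-Src-IPv6-Address},ou=clients,ou=radius,dc=datacom,dc=net?radiusClientShortname?}"
&FreeRADIUS-Client-Secret = "%{ldap:ldap:///cn=%{Packet-Src-IPv6-Address},ou=clients,ou=radius,dc=datacom,dc=net?radiusClientSecret?}"
}
}
'''

def ldap_xlats(text, module="ldap"):  # assumption: instance name is "ldap"
    """Return the URL inside every %{<module>:...}, honouring nested %{...}."""
    urls, marker, pos = [], "%{" + module + ":", 0
    while (start := text.find(marker, pos)) != -1:
        i, depth = start + 2, 1
        while i < len(text) and depth:
            if text.startswith("%{", i):      # nested expansion opens
                depth += 1
                i += 2
                continue
            if text[i] == "}":                # innermost expansion closes
                depth -= 1
            i += 1
        if depth:                             # unterminated expansion: stop
            break
        urls.append(text[start + len(marker):i - 1])
        pos = i
    return urls

def parse_ldap_url(url):
    """Split an RFC 4516 LDAP URL; empty scope/filter get the RFC defaults."""
    rest = url.split("://", 1)[1].split("/", 1)[1]   # drop scheme and host
    base, attrs, scope, filt = (rest.split("?", 3) + [""] * 3)[:4]
    return {
        "base": base,
        "attrs": [a for a in attrs.split(",") if a],
        "scope": scope or "base",
        "filter": filt or "(objectClass=*)",
        "balanced": filt.count("(") == filt.count(")"),  # cheap filter sanity check
    }

def audit(policy):
    return [parse_ldap_url(u) for u in ldap_xlats(policy)]

if __name__ == "__main__":
    searches = audit(POLICY)
    print(f"{len(searches)} ldap xlat expansions, one search each when evaluated")
    for s in searches:
        print(s["scope"], s["base"], s["attrs"], s["filter"], "ok" if s["balanced"] else "UNBALANCED")
```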