Understanding dynamic radiusClients in openldap

Dave Macias davama at gmail.com
Tue Feb 22 19:17:43 UTC 2022


>
> If it's there it'll be something like:
>
> map ldap "%{ldap:///ou=radius,dc=datacom,dc=net?cn?sub?(&(objectClass=radiusClient)(cn=%{Packet-Src-IPv6-Address}))}" {
>         &control:FreeRADIUS-Client-IPv6-Address = cn
>         &control:FreeRADIUS-Client-Shortname = radiusClientShortname
>         &control:FreeRADIUS-Client-Secret = radiusClientSecret
> }
>
> That picks out the fields from a single search result.
>

That is so cool!
Let me give that a shot! Thank you!!

@Michael Ströder <michael at stroeder.com>

Without map, these are the logs:
Feb 22 14:12:52 openldap1-lab slapd[36643]: conn=1423 op=1 SRCH base="ou=radius,dc=datacom,dc=net" scope=2 deref=0 filter="(&(objectClass=radiusClient)(cn=<redactedipv6>))"
Feb 22 14:12:52 openldap1-lab slapd[36643]: conn=1423 op=1 SRCH attr=cn
Feb 22 14:12:52 openldap1-lab slapd[36643]: conn=1423 op=1 SEARCH RESULT tag=101 err=0 qtime=0.000049 etime=0.000346 nentries=1 text=
Feb 22 14:12:52 openldap1-lab slapd[36643]: conn=1424 op=1 SRCH base="cn=<redactedipv6>,ou=clients,ou=radius,dc=datacom,dc=net" scope=0 deref=0 filter="(objectClass=*)"
Feb 22 14:12:52 openldap1-lab slapd[36643]: conn=1424 op=1 SRCH attr=radiusClientShortname
Feb 22 14:12:52 openldap1-lab slapd[36643]: conn=1424 op=1 SEARCH RESULT tag=101 err=0 qtime=0.000017 etime=0.000297 nentries=1 text=
Feb 22 14:12:52 openldap1-lab slapd[36643]: conn=1425 op=1 SRCH base="cn=<redactedipv6>,ou=clients,ou=radius,dc=datacom,dc=net" scope=0 deref=0 filter="(objectClass=*)"
Feb 22 14:12:52 openldap1-lab slapd[36643]: conn=1425 op=1 SRCH attr=radiusClientSecret
Feb 22 14:12:52 openldap1-lab slapd[36643]: conn=1425 op=1 SEARCH RESULT tag=101 err=0 qtime=0.000019 etime=0.000287 nentries=1 text=
Feb 22 14:12:52 openldap1-lab slapd[36643]: conn=1426 op=1 SRCH base="dc=datacom,dc=net" scope=2 deref=0 filter="(uid=myusername)"
Feb 22 14:12:52 openldap1-lab slapd[36643]: conn=1426 op=1 SRCH attr=userPassword radiusControlAttribute radiusRequestAttribute radiusReplyAttribute
Feb 22 14:12:53 openldap1-lab slapd[36643]: conn=1426 op=1 SEARCH RESULT tag=101 err=0 qtime=0.000018 etime=0.346607 nentries=1 text=
Feb 22 14:12:53 openldap1-lab slapd[36643]: conn=1428 fd=20 ACCEPT from IP=[::1]:38854 (IP=[::]:389)
Feb 22 14:12:53 openldap1-lab slapd[36643]: conn=1428 op=0 BIND dn="cn=authuser,dc=datacom,dc=net" method=128
Feb 22 14:12:53 openldap1-lab slapd[36643]: conn=1428 op=0 BIND dn="cn=authuser,dc=datacom,dc=net" mech=SIMPLE bind_ssf=0 ssf=0
Feb 22 14:12:53 openldap1-lab slapd[36643]: conn=1428 op=0 RESULT tag=97 err=0 qtime=0.000017 etime=0.011889 text=
Feb 22 14:12:53 openldap1-lab slapd[36643]: conn=1422 op=2 SRCH base="ou=radius,dc=datacom,dc=net" scope=2 deref=0 filter="(&(objectClass=radiusClient)(cn=<redactedipv6>))"
Feb 22 14:12:53 openldap1-lab slapd[36643]: conn=1422 op=2 SRCH attr=cn
Feb 22 14:12:53 openldap1-lab slapd[36643]: conn=1422 op=2 SEARCH RESULT tag=101 err=0 qtime=0.000013 etime=0.000800 nentries=1 text=
Feb 22 14:12:53 openldap1-lab slapd[36643]: conn=1427 op=1 SRCH base="cn=<redactedipv6>,ou=clients,ou=radius,dc=datacom,dc=net" scope=0 deref=0 filter="(objectClass=*)"
Feb 22 14:12:53 openldap1-lab slapd[36643]: conn=1427 op=1 SRCH attr=radiusClientShortname
Feb 22 14:12:53 openldap1-lab slapd[36643]: conn=1427 op=1 SEARCH RESULT tag=101 err=0 qtime=0.000025 etime=0.000312 nentries=1 text=
Feb 22 14:12:53 openldap1-lab slapd[36643]: conn=1423 op=2 SRCH base="cn=<redactedipv6>,ou=clients,ou=radius,dc=datacom,dc=net" scope=0 deref=0 filter="(objectClass=*)"
Feb 22 14:12:53 openldap1-lab slapd[36643]: conn=1423 op=2 SRCH attr=radiusClientSecret
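
The log above shows each client lookup as one subtree search for `cn` followed by a separate base-scope read per attribute (`radiusClientShortname`, `radiusClientSecret`), where the quoted `map ldap` block takes the fields from a single search result. As an added example (not part of the original post), this Python code pairs slapd `SRCH` lines by `conn`/`op` to surface those per-attribute reads and the searches that request a secret attribute; the sample log lines, the address `2001:db8::10` and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the same slapd log format as the post
# (2001:db8::10 is a documentation address standing in for the redacted one).
SAMPLE_LOG = """\
Feb 22 14:12:52 host slapd[1]: conn=1423 op=1 SRCH base="ou=radius,dc=datacom,dc=net" scope=2 deref=0 filter="(&(objectClass=radiusClient)(cn=2001:db8::10))"
Feb 22 14:12:52 host slapd[1]: conn=1423 op=1 SRCH attr=cn
Feb 22 14:12:52 host slapd[1]: conn=1424 op=1 SRCH base="cn=2001:db8::10,ou=clients,ou=radius,dc=datacom,dc=net" scope=0 deref=0 filter="(objectClass=*)"
Feb 22 14:12:52 host slapd[1]: conn=1424 op=1 SRCH attr=radiusClientShortname
Feb 22 14:12:52 host slapd[1]: conn=1425 op=1 SRCH base="cn=2001:db8::10,ou=clients,ou=radius,dc=datacom,dc=net" scope=0 deref=0 filter="(objectClass=*)"
Feb 22 14:12:52 host slapd[1]: conn=1425 op=1 SRCH attr=radiusClientSecret
"""

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH (.*)')
SECRET_ATTRS = {"radiusClientSecret", "userPassword"}  # both appear in the post's log

def parse_searches(log):
    """Join each 'SRCH base=...' line with its 'SRCH attr=...' line by (conn, op)."""
    searches = {}
    for line in log.splitlines():
        m = SRCH.search(line)
        if not m:
            continue
        key, rest = (int(m.group(1)), int(m.group(2))), m.group(3)
        entry = searches.setdefault(key, {"base": None, "scope": None, "attrs": []})
        if rest.startswith("attr="):
            entry["attrs"] = rest[len("attr="):].split()
        else:
            entry["base"] = re.search(r'base="([^"]*)"', rest).group(1)
            entry["scope"] = int(re.search(r'scope=(\d+)', rest).group(1))
    return searches

def per_attribute_reads(searches):
    """Entries read by several base-scope searches that each ask for one attribute."""
    by_base = defaultdict(list)
    for s in searches.values():
        if s["scope"] == 0 and len(s["attrs"]) == 1:
            by_base[s["base"]].append(s["attrs"][0])
    return {base: attrs for base, attrs in by_base.items() if len(attrs) > 1}

def secret_reads(searches):
    """(conn, op) pairs whose requested attributes include a secret."""
    return sorted(k for k, s in searches.items() if SECRET_ATTRS & set(s["attrs"]))
```
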

