Chris Carver wrote:

Mathieu Bénard wrote:

2: From what I read in the /lib/ldap/create_user.php3:

$dn = 'uid=' . $login . ',' . $config[ldap_default_new_entry_suffix];
$new_user_entry["objectclass"][0]="top";
$new_user_entry["objectclass"][1]="person";
$new_user_entry["objectclass"][2]="organizationalPerson";
$new_user_entry["objectclass"][3]="inetOrgPerson";
$new_user_entry["objectclass"][4]="radiusprofile";


dialupadmin intends to use an old radius LDAP schema instead of RADIUS-LDAPv3.schema. It uses "uid=" as a mandatory attribute, but with RADIUS-LDAPv3.schema, "cn=" is expected.
I don't want to modify the source of dialupadmin, so should I use an older radius schema, or modify it myself?


I modified my schema to use "cn=". The objectclass radiusprofile is constructed as follows:

objectclass
( 1.3.6.1.4.1.3317.4.3.2.1
NAME 'radiusprofile'
SUP top STRUCTURAL
DESC ''
MUST cn
MAY ( radiusArapFeatures $ radiusArapSecurity $ radiusArapZoneAccess $
radiusAuthType $ radiusCallbackId $ radiusCallbackNumber $
radiusCalledStationId $ radiusCallingStationId $ radiusClass $
radiusClientIPAddress $ radiusFilterId $ radiusFramedAppleTalkLink $
radiusFramedAppleTalkNetwork $ radiusFramedAppleTalkZone $
radiusFramedCompression $ radiusFramedIPAddress $
radiusFramedCompression $ radiusFramedIPAddress $
radiusFramedIPNetmask $ radiusFramedIPXNetwork $
radiusFramedMTU $ radiusFramedProtocol $
radiusFramedRoute $ radiusFramedRouting $ radiusIdleTimeout $
radiusGroupName $ radiusHint $ radiusHuntgroupName $
radiusLoginIPHost $ radiusLoginLATGroup $ radiusLoginLATNode $
radiusLoginLATPort $ radiusLoginLATService $ radiusLoginService $
radiusLoginTCPPort $ radiusLoginTime $ radiusPasswordRetry $
radiusPortLimit $ radiusPrompt $ radiusProxyToRealm $
radiusRealm $ radiusReplicateToRealm $ radiusServiceType $
radiusSessionTimeout $ radiusStripUserName $
radiusTerminationAction $ radiusTunnelAssignmentId $
radiusTunnelClientEndpoint $ radiusIdleTimeout $
radiusLoginIPHost $ radiusLoginLATGroup $ radiusLoginLATNode $
radiusLoginLATPort $ radiusLoginLATService $ radiusLoginService $
radiusLoginTCPPort $ radiusPasswordRetry $ radiusPortLimit $
radiusPrompt $ radiusProfileDn $ radiusServiceType $
radiusSessionTimeout $ radiusSimultaneousUse $
radiusTerminationAction $ radiusTunnelAssignmentId $
radiusTunnelClientEndpoint $ radiusTunnelMediumType $
radiusTunnelPassword $ radiusTunnelPreference $
radiusTunnelPrivateGroupId $ radiusTunnelServerEndpoint $
radiusTunnelType $ radiusUserCategory $ radiusVSA )
)


I hope that helps.

-Chris


First of all thanks for your answer.

What do you mean by modifying your schema? What you show is the original LDAP schema provided with freeradius. This schema cannot work with the following statement in dialupadmin (for example): $dn = 'uid=' . $login . ',' . $config[ldap_default_new_entry_suffix];

To make it clear, my problem is that the code lines of DialupAdmin's user management pages don't fit the LDAP schema provided with freeradius (RADIUS-LDAPv3.schema). In my opinion there are only 2 options:
- Modify dialupadmin according to the FreeRadius LDAP schema, which I don't intend to do because there are several pages involved and it may make it quite unstable.
- Modify the RADIUS LDAP schema according to what dialupadmin is trying to do. I don't want to do this either, because it is the one provided with freeradius, so it doesn't seem a good idea to modify it.


How am I supposed to make it work without modifying the freeradius LDAP schema or dialupadmin? I am surprised that it doesn't seem to be a well-known issue. Am I missing something?

Thanks in advance,

Mafioo


- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
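
An added example, not part of the thread and not dialupadmin or FreeRADIUS code: a pre-flight check that parses an objectclass definition like the radiusprofile one quoted above and reports, for an entry built under a 'uid=' DN, which MUST attributes are absent. A MUST clause requires the attribute to be present in the entry; the attribute used in the RDN is chosen separately. The DN, the entry values and the shortened MAY list are constructed, and only the one class is evaluated (superior classes such as person are not).

```python
import re

# Constructed sample: the radiusprofile definition quoted in the thread,
# with the MAY list shortened to three attributes for brevity.
SCHEMA = """
objectclass
 ( 1.3.6.1.4.1.3317.4.3.2.1
   NAME 'radiusprofile'
   SUP top STRUCTURAL
   DESC ''
   MUST cn
   MAY ( radiusAuthType $ radiusGroupName $ radiusVSA )
 )
"""

# Constructed entries under the DN form create_user.php3 builds ('uid=' . $login . ...).
DN = "uid=jdoe,ou=users,dc=example,dc=org"
ENTRY_UID_ONLY = {"objectClass": ["top", "radiusprofile"], "uid": ["jdoe"]}
ENTRY_WITH_CN = dict(ENTRY_UID_ONLY, cn=["John Doe"])

def _attr_list(text, keyword):
    """Names following MUST or MAY, written as 'x' or as '( x $ y )'."""
    m = re.search(r"\b%s\s+(?:\(([^)]*)\)|([\w;-]+))" % keyword, text)
    if not m:
        return []
    raw = m.group(1) if m.group(1) is not None else m.group(2)
    # Attribute names are case-insensitive in LDAP, so compare in lowercase.
    return [a.strip().lower() for a in raw.split("$") if a.strip()]

def parse_objectclass(text):
    name = re.search(r"\bNAME\s+'([^']+)'", text).group(1)
    return {"name": name.lower(),
            "must": _attr_list(text, "MUST"),
            "may": _attr_list(text, "MAY")}

def check_entry(dn, attrs, oc):
    """Report the RDN attribute and the MUST attributes the entry lacks."""
    # Naive RDN split: assumes no escaped ',' or '=' in the first RDN.
    rdn_attr = dn.split(",", 1)[0].split("=", 1)[0].strip().lower()
    present = {k.lower() for k in attrs}
    return {"rdn_attr": rdn_attr,
            "rdn_in_entry": rdn_attr in present,
            "missing_must": [a for a in oc["must"] if a not in present]}

if __name__ == "__main__":
    oc = parse_objectclass(SCHEMA)
    for label, entry in (("uid only", ENTRY_UID_ONLY), ("uid + cn", ENTRY_WITH_CN)):
        print(label, check_entry(DN, entry, oc))
```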
