[EMAIL PROTECTED] wrote:
I use unlang, here is my configuration radiusd.conf:

modules {

...............

ldap
           switch "%{Realm}" {
           case dr4.cnrs.fr  {

1. What version is this? Unlang works only in 2.x? ldap is not in
radiusd.conf in that version any more.

2. unlang works in server not module configuration files. Create a
temporary attribute to store basedn in raddb/dictionary file (let's say a
string My-BaseDN). Then do this just before ldap in authorize:

switch "%{Realm}" {
   case "dr4.cnrs.fr" {
      update control {
         My-BaseDN = "ou=people,dc=dr4,dc=cnrs,dc=fr"
      }
   }
   case ...
}

In ldap module configuration:

ldap {
   server = "ldapauth.cnrs-gif.fr"
   identity = "uid=Manager,%{control:My-BaseDN}"
   password = whatever
   basedn = "%{control:My-BaseDN}"
..
}

If password also changes you will need another temp attribute (let's say
My-Password) to update with My-BaseDN and to replace for "whatever".

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Thanks Ivan, but still doesn't work...
In my /etc/raddb/dictionary file:
ATTRIBUTE   My-BaseDN   10 string

radiusd.conf configured like you said (module ldap, authorize section)
radiusd starts and the logs say:

Nov 17 15:13:31 localradius radiusd[8420]: Ready to process requests.
Nov 17 15:13:39 localradius radiusd[8420]: rlm_ldap: uid=Manager,%{control:My-BaseDN} bind to ldapauth.cnrs-gif.fr:389 failed Invalid DN syntax
Nov 17 15:13:39 localradius radiusd[8420]: rlm_ldap: (re)connection attempt failed

radiusd cannot replace the temporary attribute (My-BaseDN) with the correct value ...

Maybe because the ldap module is called before the authorize section where My-BaseDN is defined?


--
Mustapha BOUIKHIF
Service Systèmes d'Information
CNRS - DR4
tel: +33 1 69 82 33 97
fax: +33 1 69 82 33 39
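
The log quoted in the message above shows the literal string `%{control:My-BaseDN}` arriving in the bind DN. The following Python is an added example, not part of the original thread and not FreeRADIUS code: it scans radiusd log text for rlm_ldap bind failures and flags bind DNs that still carry unexpanded `%{...}` references, including entries that were joined onto one line. The function and constant names are hypothetical, and the sample log is constructed from the lines in the thread plus one invented entry.

```python
import re
from typing import NamedTuple

# Constructed sample: the first three entries mirror the thread's log (two of
# them joined on one line); the last entry is invented and uses example.org.
SAMPLE_LOG = """\
Nov 17 15:13:31 localradius radiusd[8420]: Ready to process requests.
Nov 17 15:13:39 localradius radiusd[8420]: rlm_ldap: uid=Manager,%{control:My-BaseDN} bind to ldapauth.cnrs-gif.fr:389 failed Invalid DN syntax Nov 17 15:13:39 localradius radiusd[8420]: rlm_ldap: (re)connection attempt failed
Nov 17 15:20:02 localradius radiusd[8420]: rlm_ldap: uid=Manager,ou=people,dc=example,dc=org bind to ldap.example.org:389 failed Invalid credentials
"""

PREFIX = r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ radiusd\[\d+\]: "
# Zero-width split point at the start of every radiusd syslog entry, so that
# entries run together on one physical line are still handled one by one.
ENTRY_START = re.compile(r"(?=" + PREFIX + r")")
BIND_FAIL = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) \S+ radiusd\[\d+\]: "
    r"rlm_ldap: (?P<dn>.+?) bind to (?P<server>\S+?:\d+) failed (?P<reason>.*)$"
)
XLAT_REF = re.compile(r"%\{[^}]*\}")  # an unlang-style %{...} reference


class BindFailure(NamedTuple):
    timestamp: str
    bind_dn: str
    server: str
    reason: str
    unexpanded: list  # %{...} references that reached the LDAP server as-is


def find_bind_failures(log_text):
    """Return each rlm_ldap bind failure with any unexpanded %{...} in its DN."""
    failures = []
    for line in log_text.splitlines():
        for entry in ENTRY_START.split(line):
            m = BIND_FAIL.match(entry.strip())
            if m:
                dn = m.group("dn")
                failures.append(BindFailure(m.group("ts"), dn, m.group("server"),
                                            m.group("reason"), XLAT_REF.findall(dn)))
    return failures


if __name__ == "__main__":
    for f in find_bind_failures(SAMPLE_LOG):
        state = "UNEXPANDED " + ", ".join(f.unexpanded) if f.unexpanded else "expanded"
        print(f"{f.timestamp} {f.server} [{state}] dn={f.bind_dn!r} reason={f.reason}")
```
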
