Looks really close. It's not LDIF format, but it's very close. Try this: 1) change 'attributetype' to 'attributetypes:' (notice the :) 2) change 'objectclass' to 'objectclasses:' 3) remove all lines that begin with # (shouldn't be necessary, but do it just to make sure) 4) either make all definitions on one line or make sure continuation lines begin with a single space character
Then you should have a file in proper LDIF format. Rename your file to e.g. 60radiator.ldif, copy it into your server root/slapd-<instance>/config/schema, and restart slapd-<instance>. If you are going to be creating new instances of DS in the same server root, also copy the file to server root/bin/slapd/install/schema to make it available to new instances.
awrightus wrote:
Sure.
Steve
----
# radiator-ldap.schema # # Sample OpenLDAP schema for Radiator (www.open.com.au/radiator) for # use with AuthLDAPRADIUS # # To use this schema, add a line like this to your /etc/openldap/slapd.conf: # include /path/to/your/radiator-ldap.schema # # A sample LDIF file to insert a sample record for testing can be found # in goodies/radiator-ldap.ldif # # Author: Mike McCauley ([EMAIL PROTECTED]) # Copyright (C) 2004 Open System Consultants # $Id: radiator-ldap.schema,v 1.2 2004/10/04 10:35:03 mikem Exp $
# The following OID arcs are defined: # 1.3.6.1.4.1.9048.1.1 OSC defined attribute types # 1.3.6.1.4.1.9048.1.2 OSC defined attribute syntaxes # 1.3.6.1.4.1.9048.1.3 OSC defined object classes
############################################################################ # oscRadiusRealm object defines which Radius servers to proxy users # from a given realm.
attributetype ( 1.3.6.1.4.1.9048.1.1.1 NAME 'oscRadiusTarget' DESC 'Users with this realm will be proxied to the specified oscRadiusHost' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50} )
attributetype ( 1.3.6.1.4.1.9048.1.1.2 NAME 'oscRadiusHost' DESC 'Name or IP address of a radius host to proxy to' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50} )
attributetype ( 1.3.6.1.4.1.9048.1.1.3 NAME 'oscRadiusSecret' DESC 'Shared secret for Radius client or remote server' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50} )
attributetype ( 1.3.6.1.4.1.9048.1.1.4 NAME 'oscRadiusAuthPort' DESC 'Authentication port number or name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{20} SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.9048.1.1.5 NAME 'oscRadiusAcctPort' DESC 'Accounting port number or name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{20} SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.9048.1.1.6 NAME 'oscRadiusRetries' DESC 'Max number of retransmissions' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.9048.1.1.7 NAME 'oscRadiusRetryTimeout' DESC 'Number of seconds to wait before retransmission' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.9048.1.1.8 NAME 'oscRadiusUseOldAscendPasswords' DESC 'True if old Ascend compatible passwords are to be sent' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.9048.1.1.9 NAME 'oscRadiusServerHasBrokenPortNumbers' DESC 'True if remote server replies from different port the request was sent to' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.9048.1.1.10 NAME 'oscRadiusServerHasBrokenAddresses' DESC 'True if remote server replies from different address the request was sent to' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.9048.1.1.11 NAME 'oscRadiusIgnoreReplySignature' DESC 'True if the signature in replies from the remote server are known to be incorrect' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE)
# Value of failure policy can be: # 0 ACCEPT # 1 REJECT # 2 IGNORE # 3 CHALLENGE # 4 REJECT_IMMEDIATE attributetype ( 1.3.6.1.4.1.9048.1.1.12 NAME 'oscRadiusFailurePolicy' DESC 'How to respond to original request if no reply is ever received from remote server' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
objectclass ( 1.3.6.1.4.1.9048.1.3.1 NAME 'oscRadiusRealm' SUP top STRUCTURAL DESC 'OSC Radius proxy realm' MUST ( oscRadiusTarget $ oscRadiusHost $ oscRadiusSecret) MAY ( cn $ oscRadiusAuthPort $ oscRadiusAcctPort $ oscRadiusRetries $ oscRadiusRetryTimeout $ oscRadiusUseOldAscendPasswords $ oscRadiusServerHasBrokenPortNumbers $ oscRadiusServerHasBrokenAddresses $ oscRadiusIgnoreReplySignature $ oscRadiusFailurePolicy))
############################################################################ # oscRadiusClient object defines which Radius clients we are willing to accept # requests from. Note that the attribute names are derived from the standard Clinet clause paramter names, # and are consistent with the default behaviour of the ClientListLDAP clause
attributetype ( 1.3.6.1.4.1.9048.1.1.21 NAME 'oscRadiusClientName' DESC 'Requests from Radius clients with this name or address will be hounoured by Radiator' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50} )
attributetype ( 1.3.6.1.4.1.9048.1.1.22 NAME 'oscRadiusIgnoreAcctSignature' DESC 'True if the signature in accounting requests from this client are known to be incorrect' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.9048.1.1.23 NAME 'oscRadiusDupInterval' DESC 'Duplicate requests received withing this interval in seconds are ignored' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.9048.1.1.24 NAME 'oscRadiusNasType' DESC 'Type of NAS' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50} SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.9048.1.1.25 NAME 'oscRadiusSNMPCommunity' DESC 'The Community name for accessing SNMP on this client' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50} SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.9048.1.1.26 NAME 'oscRadiusLivingstonOffs' DESC 'Offset for calculating missing ports' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.9048.1.1.27 NAME 'oscRadiusLivingstonHole' DESC 'Gap for calculating missing ports' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.9048.1.1.28 NAME 'oscRadiusFramedGroupBaseAddress' DESC 'Base address for calculating IP addresses' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50} )
attributetype ( 1.3.6.1.4.1.9048.1.1.29 NAME 'oscRadiusFramedGroupMaxPortsPerClassC' DESC 'Max number of IP addresses to be allocated within a class C address range' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.9048.1.1.30 NAME 'oscRadiusFramedGroupPortOffset' DESC 'Offset for calulating IP addresses' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.9048.1.1.31 NAME 'oscRadiusRewriteUsername' DESC 'Pattern for rewriting usernames' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{100} )
attributetype ( 1.3.6.1.4.1.9048.1.1.32 NAME 'oscRadiusStatusServerShowClientDetails' DESC 'True if Status-Server requests from this client should include Clinet details in the reply' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.9048.1.1.33 NAME 'oscRadiusPreHandlerHook' DESC 'Perl code to be run before requests from this cleint are passed to a handler' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
attributetype ( 1.3.6.1.4.1.9048.1.1.34 NAME 'oscRadiusPacketTrace' DESC 'True if requests received from this client are top be packet-traced' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.9048.1.1.35 NAME 'oscRadiusIdenticalClients' DESC 'Names and addresses of other Clients with identical configuration' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{50} )
attributetype ( 1.3.6.1.4.1.9048.1.1.36 NAME 'oscRadiusNoIgnoreDuplicates' DESC 'Name of a request type for whioch duplicates will not be ignored' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{100} )
attributetype ( 1.3.6.1.4.1.9048.1.1.37 NAME 'oscRadiusDefaultReply' DESC 'Names and values of reply attributes which will be added only if the reply would otherwise have no reply attributes' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{200} )
attributetype ( 1.3.6.1.4.1.9048.1.1.38 NAME 'oscRadiusFramedGroup' DESC 'Base address for Framed-Group' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE)
attributetype ( 1.3.6.1.4.1.9048.1.1.39 NAME 'oscRadiusStripFromReply' DESC 'Names of attributes which will be stripped from all replies to this client' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{200} )
attributetype ( 1.3.6.1.4.1.9048.1.1.40 NAME 'oscRadiusAllowInReply' DESC 'Names of attributes which are allowed in replies to this client' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{200} )
attributetype ( 1.3.6.1.4.1.9048.1.1.41 NAME 'oscRadiusAddToReply' DESC 'Names and values of reply attributes which will be added to the reply' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{200} )
attributetype ( 1.3.6.1.4.1.9048.1.1.42 NAME 'oscRadiusAddToReplyIfNotExist' DESC 'Names and values of reply attributes which will be added to the reply only if they are not already present' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{200} )
attributetype ( 1.3.6.1.4.1.9048.1.1.43 NAME 'oscRadiusDynamicReply' DESC 'Names of attributes which are eligible for runtime variable substitution' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{200} )
attributetype ( 1.3.6.1.4.1.9048.1.1.44 NAME 'oscRadiusStripfromRequest' DESC 'Names of attributes which are to be stripped from the request before being passed to a Handler' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{200} )
attributetype ( 1.3.6.1.4.1.9048.1.1.45 NAME 'oscRadiusAddToRequest' DESC 'Names and values of reply attributes which will be added to the request before being passed to a Handler' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{200} )
attributetype ( 1.3.6.1.4.1.9048.1.1.46 NAME 'oscRadiusAddToRequestIfNotExist' DESC 'Names and values of reply attributes which will be added to the request before being passed to a Handler if they are not already present' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{200} )
objectclass ( 1.3.6.1.4.1.9048.1.3.21 NAME 'oscRadiusClient' SUP top STRUCTURAL DESC 'OSC Radius Client' MUST ( oscRadiusClientName $ oscRadiusSecret) MAY ( cn $ oscRadiusIgnoreAcctSignature $ oscRadiusDupInterval $ oscRadiusNasType $ oscRadiusSNMPCommunity $ oscRadiusLivingstonOffs $ oscRadiusLivingstonHole $ oscRadiusFramedGroupBaseAddress $ oscRadiusFramedGroupMaxPortsPerClassC $ oscRadiusFramedGroupPortOffset $ oscRadiusRewriteUsername $ oscRadiusUseOldAscendPasswords $ oscRadiusStatusServerShowClientDetails $ oscRadiusPreHandlerHook $ oscRadiusPacketTrace $ oscRadiusIdenticalClients $ oscRadiusNoIgnoreDuplicates $ oscRadiusDefaultReply $ oscRadiusFramedGroup $ oscRadiusStripFromReply $ oscRadiusAllowInReply $ oscRadiusAddToReply $ oscRadiusAddToReplyIfNotExist $ oscRadiusDynamicReply $ oscRadiusStripfromRequest $ oscRadiusAddToRequest $ oscRadiusAddToRequestIfNotExist))
----
Rich Megginson <[EMAIL PROTECTED]> wrote in message news:<[EMAIL PROTECTED]>...
Could you post the OpenLDAP .schema file?
awrightus wrote:
I have a OpenLDAP .schema file that I want to import into my Netscape
Directory Server 6.1 schema. The format of the OpenLDAP .schema file
doesn't use the exact same syntax as what's required by 99user.ldif. Is there an easy way to update Netscape's schema with the contents of
a OpenLDAP .schema file? Thanks.
Steve
_______________________________________________ mozilla-directory mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-directory
