Re: LDAP related questions
On Sat, Jul 01, 2006 at 12:04:24PM -0400, Alan DeKok wrote:
> Kostas Zorbadelos <[EMAIL PROTECTED]> wrote:
> > I saw the cvs version and indeed it contains the code you
> > describe. This is a very useful feature. The feature is not contained
> > in the latest stable (1.1.2) version. Will it be in the next?
>
> Probably in 2.0, which we hope to release before the next millennium.
>

OK, till then, I guess if we need the functionality, we patch the
stable version... -:)

> Alan DeKok.

--
Kostas Zorbadelos [EMAIL PROTECTED]
contact: kzorba (at) otenet.gr

Out there in the darkness, out there in the night
out there in the starlight, one soul burns brighter
than a thousand suns.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: LDAP related questions
Kostas Zorbadelos <[EMAIL PROTECTED]> wrote:
> I saw the cvs version and indeed it contains the code you
> describe. This is a very useful feature. The feature is not contained
> in the latest stable (1.1.2) version. Will it be in the next?

Probably in 2.0, which we hope to release before the next millennium.

Alan DeKok.
Re: LDAP related questions
On Wed, Jun 28, 2006 at 04:21:14PM +0300, Kostas Kalevras wrote:
> On Wed, 28 Jun 2006, Kostas Zorbadelos wrote:
>
> >On Wed, Jun 28, 2006 at 02:09:15PM +0300, Kostas Kalevras wrote:
> >>>On Wed, Jun 28, 2006 at 11:56:27AM +0300, Kostas Zorbadelos wrote:
> >>>
> >>>I have a few suspicions where the problem might be.
> >>>Is there a way to define the operator in the radius check attributes
> >>>of ldap (without using the generic radiusCheckItem attribute)?
> >>
> >>radiusSessionTimeout: +=
> >>
> >
> >I meant in ldap.attrmap.
> >When I define for example
> >
> >checkItem Group-Name radiusProfile
> >
> >what is the operator implied (& op=21 in the debugging output)?
> >Can this be changed?
>
> In the cvs version at least an extra field is supported in ldap.attrmap
> which sets the operator to be used. Don't know if it's supported in the
> stable versions.
>

Thanks Kostas,

I saw the cvs version and indeed it contains the code you
describe. This is a very useful feature. The feature is not contained
in the latest stable (1.1.2) version. Will it be in the next?

> --
> Kostas Kalevras Network Operations Center
> [EMAIL PROTECTED] National Technical University of Athens, Greece
> Work Phone: +30 210 7721861
> 'Go back to the shadow' Gandalf

--
Kostas [EMAIL PROTECTED]
contact: kzorba (at) otenet.gr
Re: LDAP related questions
On Wed, 28 Jun 2006, Kostas Zorbadelos wrote:

> On Wed, Jun 28, 2006 at 02:09:15PM +0300, Kostas Kalevras wrote:
>>> On Wed, Jun 28, 2006 at 11:56:27AM +0300, Kostas Zorbadelos wrote:
>>>
>>> I have a few suspicions where the problem might be.
>>> Is there a way to define the operator in the radius check attributes
>>> of ldap (without using the generic radiusCheckItem attribute)?
>>
>> radiusSessionTimeout: +=
>
> I meant in ldap.attrmap.
> When I define for example
>
> checkItem Group-Name radiusProfile
>
> what is the operator implied (& op=21 in the debugging output)?
> Can this be changed?

In the cvs version at least an extra field is supported in ldap.attrmap
which sets the operator to be used. Don't know if it's supported in the
stable versions.

> --
> Kostas Zorbadelos [EMAIL PROTECTED]
> contact: kzorba (at) otenet.gr

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
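An added example, not part of the thread and not FreeRADIUS code: a small linter for ldap.attrmap lines that carry the extra operator field mentioned in the reply above. The four-field layout, the defaults used when the field is absent ("==" for checkItem, "=" for replyItem), the users-file operator semantics and the sample mappings other than the Group-Name line are assumptions.

```python
# Added example: lint ldap.attrmap mappings that use the optional operator field.
# Assumed layout: ItemType RADIUS-Attribute ldapAttribute [operator]
COMPARE_OPS = {"==", "!=", "<", "<=", ">", ">=", "=~", "!~", "=*", "!*"}
ASSIGN_OPS = {"=", ":=", "+="}
# Assumed defaults when the fourth field is absent (not stated in the thread).
DEFAULT_OP = {"checkItem": "==", "replyItem": "="}

# Constructed sample; only the Group-Name mapping appears in the thread.
SAMPLE = """\
# ItemType  RADIUS-Attribute    ldapAttribute           [operator]
checkItem   Group-Name          radiusProfile
checkItem   Calling-Station-Id  radiusCallingStationId  :=
replyItem   Session-Timeout     radiusSessionTimeout    +=
"""


def parse_attrmap(text):
    """Return one dict per mapping with its effective operator and a warning."""
    rows = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) not in (3, 4) or fields[0] not in DEFAULT_OP:
            raise ValueError(f"line {lineno}: malformed mapping {raw!r}")
        item, radius_attr, ldap_attr = fields[:3]
        op = fields[3] if len(fields) == 4 else DEFAULT_OP[item]
        if op not in COMPARE_OPS | ASSIGN_OPS:
            raise ValueError(f"line {lineno}: unknown operator {op!r}")
        warning = None
        if item == "checkItem" and op in ASSIGN_OPS:
            # In the users file, ':=' and '+=' always match as check items,
            # so such a mapping restricts nothing and deserves a review.
            warning = "check item is assigned, not compared"
        elif item == "replyItem" and op in COMPARE_OPS:
            warning = "comparison operator on a reply item"
        rows.append({"line": lineno, "item": item, "radius": radius_attr,
                     "ldap": ldap_attr, "op": op,
                     "explicit": len(fields) == 4, "warning": warning})
    return rows


if __name__ == "__main__":
    for row in parse_attrmap(SAMPLE):
        print(row["line"], row["item"], row["radius"], row["op"],
              row["warning"] or "ok")
```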
Re: LDAP related questions
On Wed, Jun 28, 2006 at 02:09:15PM +0300, Kostas Kalevras wrote:
> >On Wed, Jun 28, 2006 at 11:56:27AM +0300, Kostas Zorbadelos wrote:
> >
> >I have a few suspicions where the problem might be.
> >Is there a way to define the operator in the radius check attributes
> >of ldap (without using the generic radiusCheckItem attribute)?
>
> radiusSessionTimeout: +=
>

I meant in ldap.attrmap.
When I define for example

checkItem Group-Name radiusProfile

what is the operator implied (& op=21 in the debugging output)?
Can this be changed?

--
Kostas Zorbadelos [EMAIL PROTECTED]
contact: kzorba (at) otenet.gr
Re: LDAP related questions
On Wed, Jun 28, 2006 at 02:11:00PM +0300, Kostas Kalevras wrote:
> On Wed, 28 Jun 2006, Kostas Zorbadelos wrote:
>
> >Hello to everyone.
> >
> >I have a question regarding a configuration I am trying to achieve. I
> >have users stored in an ldap database. An example user entry looks
> >like this:
> >
> >dn: uid=kzorba,ou=people,dc=company,dc=gr
> >cn: ZORBADELOS KONSTANTINOS
> >uid: kzorba
> >clearTextPwd: mypassword
> >radiusProfile: PSTN_STATIC
> >radiusAccountStatus: activated
> >radiusMaxLogins: 1
> >radiusExpDate: 2030/12/31 00:00:00
> >Framed-IP-Address: 62.103.176.39
> >objectClass: account
> >objectClass: MyRadiusAccount
> >objectClass: top
> >
> >The attribute radiusProfile groups the users. For each group we have a
> >corresponding profile
>
> Why not put the full profile DN in radiusProfile? Then you can use the
> profile_attribute mechanism
>

That would be perfect, however we already have the users database and
we use a different Radius software. Our data are in the form I
described. Any modifications would require migration and this is what
I am trying to avoid.

--
Kostas Zorbadelos [EMAIL PROTECTED]
contact: kzorba (at) otenet.gr
Re: LDAP related questions
On Wed, 28 Jun 2006, Kostas Zorbadelos wrote:

> Hello to everyone.
>
> I have a question regarding a configuration I am trying to achieve. I
> have users stored in an ldap database. An example user entry looks
> like this:
>
> dn: uid=kzorba,ou=people,dc=company,dc=gr
> cn: ZORBADELOS KONSTANTINOS
> uid: kzorba
> clearTextPwd: mypassword
> radiusProfile: PSTN_STATIC
> radiusAccountStatus: activated
> radiusMaxLogins: 1
> radiusExpDate: 2030/12/31 00:00:00
> Framed-IP-Address: 62.103.176.39
> objectClass: account
> objectClass: MyRadiusAccount
> objectClass: top
>
> The attribute radiusProfile groups the users. For each group we have a
> corresponding profile

Why not put the full profile DN in radiusProfile? Then you can use the
profile_attribute mechanism

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
Re: LDAP related questions
On Wed, 28 Jun 2006, Kostas Zorbadelos wrote:

> On Wed, Jun 28, 2006 at 11:56:27AM +0300, Kostas Zorbadelos wrote:
>
> I have a few suspicions where the problem might be.
> Is there a way to define the operator in the radius check attributes
> of ldap (without using the generic radiusCheckItem attribute)?

radiusSessionTimeout: +=

> --
> Kostas Zorbadelos [EMAIL PROTECTED]
> contact: kzorba (at) otenet.gr

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
Re: LDAP related questions
On Wed, Jun 28, 2006 at 11:56:27AM +0300, Kostas Zorbadelos wrote:

I have a few suspicions where the problem might be.
Is there a way to define the operator in the radius check attributes
of ldap (without using the generic radiusCheckItem attribute)?

--
Kostas Zorbadelos [EMAIL PROTECTED]
contact: kzorba (at) otenet.gr