Re: DialupAdmin/LDAP - General Questions
Chris Carver wrote:

> Mathieu Bénard wrote:
>
>> 2: From what I read in the /lib/ldap/create_user.php3:
>>
>> $dn = 'uid=' . $login . ',' . $config[ldap_default_new_entry_suffix];
>> $new_user_entry[objectclass][0]=top;
>> $new_user_entry[objectclass][1]=person;
>> $new_user_entry[objectclass][2]=organizationalPerson;
>> $new_user_entry[objectclass][3]=inetOrgPerson;
>> $new_user_entry[objectclass][4]=radiusprofile;
>>
>> dialupadmin intends to use an old radius LDAP schema instead of RADIUS-LDAPv3.schema. It uses uid= as mandatory attribute, but with RADIUS-LDAPv3.schema, cn= is expected. I don't want to modify the source of dialupadmin, so should I use an older radius schema, or modify it by myself?
>
> I modified my schema to use cn=
>
> The objectclass radiusprofile is constructed as follows:
>
> objectclass ( 1.3.6.1.4.1.3317.4.3.2.1
>     NAME 'radiusprofile'
>     SUP top STRUCTURAL
>     DESC ''
>     MUST cn
>     MAY ( radiusArapFeatures $ radiusArapSecurity $ radiusArapZoneAccess $
>           radiusAuthType $ radiusCallbackId $ radiusCallbackNumber $
>           radiusCalledStationId $ radiusCallingStationId $ radiusClass $
>           radiusClientIPAddress $ radiusFilterId $ radiusFramedAppleTalkLink $
>           radiusFramedAppleTalkNetwork $ radiusFramedAppleTalkZone $
>           radiusFramedCompression $ radiusFramedIPAddress $
>           radiusFramedCompression $ radiusFramedIPAddress $
>           radiusFramedIPNetmask $ radiusFramedIPXNetwork $ radiusFramedMTU $
>           radiusFramedProtocol $ radiusFramedRoute $ radiusFramedRouting $
>           radiusIdleTimeout $ radiusGroupName $ radiusHint $
>           radiusHuntgroupName $ radiusLoginIPHost $ radiusLoginLATGroup $
>           radiusLoginLATNode $ radiusLoginLATPort $ radiusLoginLATService $
>           radiusLoginService $ radiusLoginTCPPort $ radiusLoginTime $
>           radiusPasswordRetry $ radiusPortLimit $ radiusPrompt $
>           radiusProxyToRealm $ radiusRealm $ radiusReplicateToRealm $
>           radiusServiceType $ radiusSessionTimeout $ radiusStripUserName $
>           radiusTerminationAction $ radiusTunnelAssignmentId $
>           radiusTunnelClientEndpoint $ radiusIdleTimeout $ radiusLoginIPHost $
>           radiusLoginLATGroup $ radiusLoginLATNode $ radiusLoginLATPort $
>           radiusLoginLATService $ radiusLoginService $ radiusLoginTCPPort $
>           radiusPasswordRetry $ radiusPortLimit $ radiusPrompt $
>           radiusProfileDn $ radiusServiceType $ radiusSessionTimeout $
>           radiusSimultaneousUse $ radiusTerminationAction $
>           radiusTunnelAssignmentId $ radiusTunnelClientEndpoint $
>           radiusTunnelMediumType $ radiusTunnelPassword $
>           radiusTunnelPreference $ radiusTunnelPrivateGroupId $
>           radiusTunnelServerEndpoint $ radiusTunnelType $ radiusUserCategory $
>           radiusVSA ) )
>
> I hope that helps.
>
> -Chris

First of all thanks for your answer.

What do you mean by modifying your schema? What you show is the original LDAP schema provided with freeradius. This schema cannot work with the following statement in dialupadmin (for example):

$dn = 'uid=' . $login . ',' . $config[ldap_default_new_entry_suffix];

To make it clear, my problem is that the codelines of DialupAdmin's user management pages don't fit the LDAP schema provided with freeradius (RADIUS-LDAPv3.schema). In my opinion there are only 2 options:

- Modify dialupadmin according to the FreeRadius LDAP schema, which I don't intend to do because there are several pages involved and it may make it quite unstable.
- Modify the RADIUS LDAP schema according to what dialupadmin is trying to do. I don't want to do this either, because it is the one provided with freeradius, so it doesn't seem a good idea to modify it.

How am I supposed to make it work without modifying freeradius LDAP schema or dialupadmin? I am surprised that it doesn't seem to be a well-known issue. Am I missing something?

Thanks in advance,
Mafioo

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: DialupAdmin/LDAP - General Questions
On Thu, 12 May 2005, Mathieu Bénard wrote:

> First of all thanks for your answer.
>
> What do you mean by modifying your schema? What you show is the original LDAP schema provided with freeradius. This schema cannot work with the following statement in dialupadmin (for example):
>
> $dn = 'uid=' . $login . ',' . $config[ldap_default_new_entry_suffix];

Wrong. dialupadmin uses more objectclasses than just radiusprofile when creating a user, in particular inetorgperson which *allows* the uid attribute, so there should be no problem creating a user. radiusprofile is an *auxiliary* objectclass; it is designed to be used in combination with other objectclasses when creating a user. The reason why radiusprofile demands cn and not uid is that it may be used in objects other than user accounts, in which case the uid attribute will not be present but the cn attribute will.

> To make it clear, my problem is that the codelines of DialupAdmin's user management pages don't fit the LDAP schema provided with freeradius (RADIUS-LDAPv3.schema). In my opinion there are only 2 options:
>
> - Modify dialupadmin according to the FreeRadius LDAP schema, which I don't intend to do because there are several pages involved and it may make it quite unstable.
> - Modify the RADIUS LDAP schema according to what dialupadmin is trying to do. I don't want to do this either, because it is the one provided with freeradius, so it doesn't seem a good idea to modify it.
>
> How am I supposed to make it work without modifying freeradius LDAP schema or dialupadmin? I am surprised that it doesn't seem to be a well-known issue. Am I missing something?

I don't see why anything should be changed anywhere.

> Thanks in advance,
> Mafioo

--
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

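
The rule described in the reply above (an entry must satisfy the MUST lists of all its objectclasses, and may carry any attribute that one of them allows), as an added example that is not part of the thread, dialupadmin or FreeRADIUS. The schema table is an abridged, constructed subset with radiusprofile modelled as the reply describes it; the suffix and sample entries are hypothetical.

```python
# Abridged, constructed subset of the object classes named in the thread.
SCHEMA = {
    "top": {"sup": None, "must": {"objectClass"}, "may": set()},
    "person": {"sup": "top", "must": {"sn", "cn"},
               "may": {"userPassword", "telephoneNumber"}},
    "organizationalPerson": {"sup": "person", "must": set(),
                             "may": {"title", "ou"}},
    "inetOrgPerson": {"sup": "organizationalPerson", "must": set(),
                      "may": {"uid", "mail"}},
    # As described in the reply: cn is required, radius* attributes optional.
    "radiusprofile": {"sup": "top", "must": {"cn"},
                      "may": {"radiusFramedIPAddress", "radiusSimultaneousUse"}},
}

CLASSES = ["top", "person", "organizationalPerson", "inetOrgPerson",
           "radiusprofile"]                     # the list create_user.php3 sets
BASE = "ou=people,dc=example,dc=org"            # hypothetical suffix
GOOD = {"objectClass": CLASSES, "uid": ["jdoe"], "cn": ["John Doe"], "sn": ["Doe"]}
NO_CN = {"objectClass": CLASSES, "uid": ["jdoe"], "sn": ["Doe"]}
ONLY_RADIUS = {"objectClass": ["top", "radiusprofile"], "uid": ["jdoe"], "cn": ["jdoe"]}

def effective(classes):
    """Union MUST and MAY over the listed classes and all their superiors."""
    must, may = set(), set()
    for name in classes:
        while name is not None:
            oc = SCHEMA[name]
            must |= oc["must"]
            may |= oc["may"]
            name = oc["sup"]
    return must, may

def check_entry(dn, attrs):
    """Return a list of schema problems for an entry (empty means acceptable)."""
    classes = attrs.get("objectClass", [])
    unknown = [c for c in classes if c not in SCHEMA]
    if unknown:
        return [f"unknown objectclass: {c}" for c in unknown]
    must, may = effective(classes)
    present = {a.lower() for a in attrs}        # attribute names are case-insensitive
    problems = [f"missing required attribute: {a}" for a in sorted(must)
                if a.lower() not in present]
    allowed = {a.lower() for a in must | may}
    problems += [f"attribute not allowed: {a}" for a in sorted(attrs)
                 if a.lower() not in allowed]
    rdn_attr = dn.split(",", 1)[0].split("=", 1)[0].strip().lower()
    if rdn_attr not in present:
        problems.append(f"naming attribute missing from entry: {rdn_attr}")
    return problems
```

A uid= DN passes as long as cn and sn are also set on the entry; uid is rejected only when inetOrgPerson is left out of the objectclass list.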
DialupAdmin/LDAP - General Questions
Hello

I'd like to manage my LDAP users with DialupAdmin Radius interface, and here come a few questions.

1: It seems that DialupAdmin uses LDAPv2 protocol. Can it possibly use LDAPv3?

2: From what I read in the /lib/ldap/create_user.php3:

$dn = 'uid=' . $login . ',' . $config[ldap_default_new_entry_suffix];
$new_user_entry[objectclass][0]=top;
$new_user_entry[objectclass][1]=person;
$new_user_entry[objectclass][2]=organizationalPerson;
$new_user_entry[objectclass][3]=inetOrgPerson;
$new_user_entry[objectclass][4]=radiusprofile;

dialupadmin intends to use an old radius LDAP schema instead of RADIUS-LDAPv3.schema. It uses uid= as mandatory attribute, but with RADIUS-LDAPv3.schema, cn= is expected. I don't want to modify the source of dialupadmin, so should I use an older radius schema, or modify it by myself?

Thanks a lot
Mafioo

Re: DialupAdmin/LDAP - General Questions
Mathieu Bénard wrote:

> Hello
>
> I'd like to manage my LDAP users with DialupAdmin Radius interface, and here come a few questions.
>
> 1: It seems that DialupAdmin uses LDAPv2 protocol. Can it possibly use LDAPv3?

Absolutely. I'm using it right now.

> 2: From what I read in the /lib/ldap/create_user.php3:
>
> $dn = 'uid=' . $login . ',' . $config[ldap_default_new_entry_suffix];
> $new_user_entry[objectclass][0]=top;
> $new_user_entry[objectclass][1]=person;
> $new_user_entry[objectclass][2]=organizationalPerson;
> $new_user_entry[objectclass][3]=inetOrgPerson;
> $new_user_entry[objectclass][4]=radiusprofile;
>
> dialupadmin intends to use an old radius LDAP schema instead of RADIUS-LDAPv3.schema. It uses uid= as mandatory attribute, but with RADIUS-LDAPv3.schema, cn= is expected. I don't want to modify the source of dialupadmin, so should I use an older radius schema, or modify it by myself?

I modified my schema to use cn=

The objectclass radiusprofile is constructed as follows:

objectclass ( 1.3.6.1.4.1.3317.4.3.2.1
    NAME 'radiusprofile'
    SUP top STRUCTURAL
    DESC ''
    MUST cn
    MAY ( radiusArapFeatures $ radiusArapSecurity $ radiusArapZoneAccess $
          radiusAuthType $ radiusCallbackId $ radiusCallbackNumber $
          radiusCalledStationId $ radiusCallingStationId $ radiusClass $
          radiusClientIPAddress $ radiusFilterId $ radiusFramedAppleTalkLink $
          radiusFramedAppleTalkNetwork $ radiusFramedAppleTalkZone $
          radiusFramedCompression $ radiusFramedIPAddress $
          radiusFramedCompression $ radiusFramedIPAddress $
          radiusFramedIPNetmask $ radiusFramedIPXNetwork $ radiusFramedMTU $
          radiusFramedProtocol $ radiusFramedRoute $ radiusFramedRouting $
          radiusIdleTimeout $ radiusGroupName $ radiusHint $
          radiusHuntgroupName $ radiusLoginIPHost $ radiusLoginLATGroup $
          radiusLoginLATNode $ radiusLoginLATPort $ radiusLoginLATService $
          radiusLoginService $ radiusLoginTCPPort $ radiusLoginTime $
          radiusPasswordRetry $ radiusPortLimit $ radiusPrompt $
          radiusProxyToRealm $ radiusRealm $ radiusReplicateToRealm $
          radiusServiceType $ radiusSessionTimeout $ radiusStripUserName $
          radiusTerminationAction $ radiusTunnelAssignmentId $
          radiusTunnelClientEndpoint $ radiusIdleTimeout $ radiusLoginIPHost $
          radiusLoginLATGroup $ radiusLoginLATNode $ radiusLoginLATPort $
          radiusLoginLATService $ radiusLoginService $ radiusLoginTCPPort $
          radiusPasswordRetry $ radiusPortLimit $ radiusPrompt $
          radiusProfileDn $ radiusServiceType $ radiusSessionTimeout $
          radiusSimultaneousUse $ radiusTerminationAction $
          radiusTunnelAssignmentId $ radiusTunnelClientEndpoint $
          radiusTunnelMediumType $ radiusTunnelPassword $
          radiusTunnelPreference $ radiusTunnelPrivateGroupId $
          radiusTunnelServerEndpoint $ radiusTunnelType $ radiusUserCategory $
          radiusVSA ) )

I hope that helps.

-Chris