Re: DialupAdmin/LDAP - General Questions

2005-05-12 Thread Mathieu Bénard
Chris Carver wrote:
Mathieu Bénard wrote:
2: From what I read in the /lib/ldap/create_user.php3:
   $dn = 'uid=' . $login . ',' . $config[ldap_default_new_entry_suffix];
   $new_user_entry[objectclass][0]=top;
   $new_user_entry[objectclass][1]=person;
   $new_user_entry[objectclass][2]=organizationalPerson;
   $new_user_entry[objectclass][3]=inetOrgPerson;
   $new_user_entry[objectclass][4]=radiusprofile;

dialupadmin intends to use an old radius LDAP schema instead of 
RADIUS-LDAPv3.schema. It uses uid= as mandatory attribute, but with 
RADIUS-LDAPv3.schema, cn= is expected.
I don't want to modify the source of dialupadmin, so should I use an 
older radius schema, or modify it by myself ?

I modified my schema to use cn=. The objectclass radiusprofile is 
constructed as follows:

objectclass
  ( 1.3.6.1.4.1.3317.4.3.2.1
 NAME 'radiusprofile'
 SUP top STRUCTURAL
 DESC ''
 MUST cn
 MAY ( radiusArapFeatures $ radiusArapSecurity $ radiusArapZoneAccess $
   radiusAuthType $ radiusCallbackId $ radiusCallbackNumber $
   radiusCalledStationId $ radiusCallingStationId $ radiusClass $
   radiusClientIPAddress $ radiusFilterId $ radiusFramedAppleTalkLink $
   radiusFramedAppleTalkNetwork $ radiusFramedAppleTalkZone $
   radiusFramedCompression $ radiusFramedIPAddress $
   radiusFramedCompression $ radiusFramedIPAddress $
   radiusFramedIPNetmask $ radiusFramedIPXNetwork $
   radiusFramedMTU $ radiusFramedProtocol $
   radiusFramedRoute $ radiusFramedRouting $ radiusIdleTimeout $
   radiusGroupName $ radiusHint $ radiusHuntgroupName $
   radiusLoginIPHost $ radiusLoginLATGroup $ radiusLoginLATNode $
   radiusLoginLATPort $ radiusLoginLATService $ radiusLoginService $
   radiusLoginTCPPort $ radiusLoginTime $ radiusPasswordRetry $
   radiusPortLimit $ radiusPrompt $ radiusProxyToRealm $
   radiusRealm $ radiusReplicateToRealm $ radiusServiceType $
   radiusSessionTimeout $ radiusStripUserName $
   radiusTerminationAction $ radiusTunnelAssignmentId $
   radiusTunnelClientEndpoint $ radiusIdleTimeout $
   radiusLoginIPHost $ radiusLoginLATGroup $ radiusLoginLATNode $
   radiusLoginLATPort $ radiusLoginLATService $ radiusLoginService $
   radiusLoginTCPPort $ radiusPasswordRetry $ radiusPortLimit $
   radiusPrompt $ radiusProfileDn $ radiusServiceType $
   radiusSessionTimeout $ radiusSimultaneousUse $
   radiusTerminationAction $ radiusTunnelAssignmentId $
   radiusTunnelClientEndpoint $ radiusTunnelMediumType $
   radiusTunnelPassword $ radiusTunnelPreference $
   radiusTunnelPrivateGroupId $ radiusTunnelServerEndpoint $
   radiusTunnelType $ radiusUserCategory $ radiusVSA )
 )

I hope that helps.
-Chris

First of all thanks for your answer.
What do you mean by modifying your schema ? What you show is the 
original LDAP schema provided with freeradius. This schema cannot work 
with the following statement in dialupadmin (for example): 
$dn = 'uid=' . $login . ',' . $config[ldap_default_new_entry_suffix];

To make it clear, my problem is that the codelines of DialupAdmin's user 
management pages don't fit the LDAP schema provided with freeradius 
(RADIUS-LDAPv3.schema). In my opinion there are only 2 options:
- Modify dialupadmin according to the FreeRadius LDAP schema, what I 
don't intend to do because there are several pages involved and it may 
make it quite unstable.
- Modify the RADIUS LDAP schema according to what dialupadmin is trying 
to do. I don't want to do this either, because it is the one provided 
with freeradius, so it doesn't seem a good idea to modify it

How am I supposed to make it work without modifying freeradius LDAP 
schema or dialupadmin ? I am surprised that it doesn't seem to be a 
well-known issue. Am I missing something ?

Thanks in advance,
Mafioo
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: DialupAdmin/LDAP - General Questions

2005-05-12 Thread Kostas Kalevras
On Thu, 12 May 2005, Mathieu Bénard wrote:
First of all thanks for your answer.
What do you mean by modifying your schema ? What you show is the original 
LDAP schema provided with freeradius. This schema cannot work with the 
following statement in dialupadmin (for example): 
$dn = 'uid=' . $login . ',' . $config[ldap_default_new_entry_suffix];

Wrong. dialupadmin uses more objectclasses than just radiusprofile when creating 
a user, in particular inetorgperson which *allows* the uid attribute, so there 
should be no problem creating a user. radiusprofile is an *auxiliary* 
objectclass, it is designed to be used in combination with other objectclasses 
when creating a user.

The reason why radiusprofile demands cn and not uid is that it may be used in 
objects other than user accounts in which case the uid attribute will not be 
present but the cn attribute will.

To make it clear, my problem is that the codelines of DialupAdmin's user 
management pages don't fit the LDAP schema provided with freeradius 
(RADIUS-LDAPv3.schema). In my opinion there are only 2 options:
- Modify dialupadmin according to the FreeRadius LDAP schema, what I don't 
intend to do because there are several pages involved and it may make it 
quite unstable.
- Modify the RADIUS LDAP schema according to what dialupadmin is trying to 
do. I don't want to do this either, because it is the one provided with 
freeradius, so it doesn't seem a good idea to modify it

How am I supposed to make it work without modifying freeradius LDAP schema or 
dialupadmin ? I am surprised that it doesn't seem to be a well-known issue. 
Am I missing something ?

I don't see why anything should be changed anywhere.

Thanks in advance,
Mafioo

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
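
The point made in the reply above, as an added example that is not part of the thread and is not dialupadmin or FreeRADIUS code: an entry's allowed attributes are the union over all of its objectclasses, so uid comes from inetOrgPerson while radiusprofile only adds its MUST cn. The MUST/MAY sets are abbreviated, radiusprofile is treated as auxiliary as the reply describes, and the DN and attribute values are constructed.

```python
# Abbreviated MUST/MAY sets for the objectclasses create_user.php3 puts on a
# new entry. Assumption: MAY lists are shortened to a few attributes each.
SCHEMA = {
    "top": {"kind": "abstract", "must": {"objectclass"}, "may": set()},
    "person": {"kind": "structural", "must": {"sn", "cn"},
               "may": {"userpassword", "telephonenumber", "description"}},
    "organizationalperson": {"kind": "structural", "must": set(),
                             "may": {"title", "ou", "postaladdress"}},
    "inetorgperson": {"kind": "structural", "must": set(),
                      "may": {"uid", "mail", "givenname", "displayname"}},
    "radiusprofile": {"kind": "auxiliary", "must": {"cn"},
                      "may": {"radiusfilterid", "radiusframedipaddress",
                              "radiussimultaneoususe", "radiusgroupname"}},
}

def check_entry(dn, attrs):
    """Return a list of schema problems for an entry (empty list = valid)."""
    attrs = {k.lower(): v for k, v in attrs.items()}
    classes = [c.lower() for c in attrs.get("objectclass", [])]
    problems = [f"unknown objectclass {c}" for c in classes if c not in SCHEMA]
    known = [c for c in classes if c in SCHEMA]
    must = set().union(*(SCHEMA[c]["must"] for c in known))
    allowed = must.union(*(SCHEMA[c]["may"] for c in known))
    if not any(SCHEMA[c]["kind"] == "structural" for c in known):
        problems.append("no structural objectclass")
    problems += [f"missing MUST attribute {a}" for a in sorted(must - set(attrs))]
    problems += [f"attribute {a} not allowed" for a in sorted(set(attrs) - allowed)]
    # The RDN attribute (uid= here) must also be stored in the entry itself.
    rdn_attr, rdn_val = dn.split(",", 1)[0].split("=", 1)
    if rdn_val not in attrs.get(rdn_attr.lower(), []):
        problems.append(f"RDN {rdn_attr}={rdn_val} not present in entry")
    return problems

# Constructed samples: objectclasses and the uid= RDN follow the quoted
# create_user.php3 lines; base DN and values are made up.
CLASSES = ["top", "person", "organizationalPerson", "inetOrgPerson", "radiusprofile"]
DN = "uid=jdoe,ou=people,dc=example,dc=com"
GOOD = {"objectclass": CLASSES, "uid": ["jdoe"], "cn": ["John Doe"],
        "sn": ["Doe"], "radiusSimultaneousUse": ["1"]}
NO_CN = {k: v for k, v in GOOD.items() if k != "cn"}
ONLY_RADIUS = {"objectclass": ["top", "radiusprofile"], "uid": ["jdoe"], "cn": ["jdoe"]}

if __name__ == "__main__":
    for name, entry in [("good", GOOD), ("no_cn", NO_CN), ("only_radius", ONLY_RADIUS)]:
        print(name, check_entry(DN, entry))
```

The ONLY_RADIUS case shows the situation the original question assumed: with radiusprofile alone, uid is not permitted and no structural class is present.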


DialupAdmin/LDAP - General Questions

2005-05-11 Thread Mathieu Bénard
Hello
I'd like to manage my LDAP users with DialupAdmin Radius interface, and 
here come a few questions.

1: It seems that DialupAdmin uses LDAPv2 protocol. Can it possibly use 
LDAPv3 ?
2: From what I read in the /lib/ldap/create_user.php3:

   $dn = 'uid=' . $login . ',' . $config[ldap_default_new_entry_suffix];
   $new_user_entry[objectclass][0]=top;
   $new_user_entry[objectclass][1]=person;
   $new_user_entry[objectclass][2]=organizationalPerson;
   $new_user_entry[objectclass][3]=inetOrgPerson;
   $new_user_entry[objectclass][4]=radiusprofile;

dialupadmin intends to use an old radius LDAP schema instead of 
RADIUS-LDAPv3.schema. It uses uid= as mandatory attribute, but with 
RADIUS-LDAPv3.schema, cn= is expected.
I don't want to modify the source of dialupadmin, so should I use an 
older radius schema, or modify it by myself ?

Thanks a lot
Mafioo



Re: DialupAdmin/LDAP - General Questions

2005-05-11 Thread Chris Carver
Mathieu Bénard wrote:
Hello
I'd like to manage my LDAP users with DialupAdmin Radius interface, 
and here come a few questions.

1: It seems that DialupAdmin uses LDAPv2 protocol. Can it possibly use 
LDAPv3 ?

Absolutely.  I'm using it right now.

2: From what I read in the /lib/ldap/create_user.php3:
   $dn = 'uid=' . $login . ',' . $config[ldap_default_new_entry_suffix];
   $new_user_entry[objectclass][0]=top;
   $new_user_entry[objectclass][1]=person;
   $new_user_entry[objectclass][2]=organizationalPerson;
   $new_user_entry[objectclass][3]=inetOrgPerson;
   $new_user_entry[objectclass][4]=radiusprofile;

dialupadmin intends to use an old radius LDAP schema instead of 
RADIUS-LDAPv3.schema. It uses uid= as mandatory attribute, but with 
RADIUS-LDAPv3.schema, cn= is expected.
I don't want to modify the source of dialupadmin, so should I use an 
older radius schema, or modify it by myself ?

I modified my schema to use cn=. The objectclass radiusprofile is 
constructed as follows:

objectclass
  ( 1.3.6.1.4.1.3317.4.3.2.1
 NAME 'radiusprofile'
 SUP top STRUCTURAL
 DESC ''
 MUST cn
 MAY ( radiusArapFeatures $ radiusArapSecurity $ radiusArapZoneAccess $
   radiusAuthType $ radiusCallbackId $ radiusCallbackNumber $
   radiusCalledStationId $ radiusCallingStationId $ radiusClass $
   radiusClientIPAddress $ radiusFilterId $ radiusFramedAppleTalkLink $
   radiusFramedAppleTalkNetwork $ radiusFramedAppleTalkZone $
   radiusFramedCompression $ radiusFramedIPAddress $
   radiusFramedCompression $ radiusFramedIPAddress $
   radiusFramedIPNetmask $ radiusFramedIPXNetwork $
   radiusFramedMTU $ radiusFramedProtocol $
   radiusFramedRoute $ radiusFramedRouting $ radiusIdleTimeout $
   radiusGroupName $ radiusHint $ radiusHuntgroupName $
   radiusLoginIPHost $ radiusLoginLATGroup $ radiusLoginLATNode $
   radiusLoginLATPort $ radiusLoginLATService $ radiusLoginService $
   radiusLoginTCPPort $ radiusLoginTime $ radiusPasswordRetry $
   radiusPortLimit $ radiusPrompt $ radiusProxyToRealm $
   radiusRealm $ radiusReplicateToRealm $ radiusServiceType $
   radiusSessionTimeout $ radiusStripUserName $
   radiusTerminationAction $ radiusTunnelAssignmentId $
   radiusTunnelClientEndpoint $ radiusIdleTimeout $
   radiusLoginIPHost $ radiusLoginLATGroup $ radiusLoginLATNode $
   radiusLoginLATPort $ radiusLoginLATService $ radiusLoginService $
   radiusLoginTCPPort $ radiusPasswordRetry $ radiusPortLimit $
   radiusPrompt $ radiusProfileDn $ radiusServiceType $
   radiusSessionTimeout $ radiusSimultaneousUse $
   radiusTerminationAction $ radiusTunnelAssignmentId $
   radiusTunnelClientEndpoint $ radiusTunnelMediumType $
   radiusTunnelPassword $ radiusTunnelPreference $
   radiusTunnelPrivateGroupId $ radiusTunnelServerEndpoint $
   radiusTunnelType $ radiusUserCategory $ radiusVSA )
 )

I hope that helps.
-Chris