
RE: OpenLDAP and Radius and Cisco attributes



Thank you. I am using FreeRadius, and the ReplyItem did the trick; I can now
set my QoS per user.

-----Original Message-----
From: openldap-technical-bounces@OpenLDAP.org
[mailto:openldap-technical-bounces@OpenLDAP.org]On Behalf Of Dan White
Sent: 28 September 2010 00:18
To: Francois Gelinas
Cc: openldap-technical@openldap.org
Subject: Re: OpenLDAP and Radius and Cisco attributes


On 27/09/10 11:06 -0400, Francois Gelinas wrote:
>Full_Name: Francois Gelinas
>Version: 2.3.27
>OS: RedHat Enterprise Linux 5
>URL:
>Submission from: (NULL) (216.252.95.98)
>
>
>I'm looking for a Cisco LDAP Schema for Radius. I need to pass Cisco
>proprietary attributes back to my radius server and I want to store them
>into LDAP.
>
>Here's the list of Cisco attributes I am talking about:
>http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2.1/User_Guide/A_RADAtr.html
>
>I could try to create one myself, but how can I get the number to create the
>entry (like this in pureftpd.schema)
>
>attributetype ( 1.3.6.1.4.1.6981.11.3.1 NAME 'FTPQuotaFiles'

Francois,

Which RADIUS server are you using?

I've had success implementing the cisco-avpair attribute with FreeRADIUS
by using just the freeradius.schema. Presumably any other attribute could
be implemented in a similar way, assuming that there's a corresponding
dictionary file installed within FreeRADIUS. See the 'dictionary.cisco*'
files distributed with FreeRADIUS for a list of attributes that should work
out of the box.

With the freeradius schema, any Cisco dictionary attribute can be
implemented via the radiusReplyItem LDAP attribute. For instance:

dn: cn=priv-15,ou=cisco,ou=radius,dc=example,dc=com
objectClass: radiusObjectProfile
objectClass: radiusprofile
cn: priv-15
radiusReplyItem: cisco-avpair = "shell:priv-lvl=15"

If you really want to create your own schema (which wouldn't be necessary
with the above approach), I'd recommend registering an enterprise number
with IANA, which you could then use to create your own globally unique
schema hierarchy underneath:

1.3.6.1.4.1.<your enterprise number>.x...

--
Dan White
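
Added example (not part of the original thread, and not FreeRADIUS or OpenLDAP code): because a radiusReplyItem like the one above hands a Cisco shell privilege level to whoever is bound to that profile, this Python sketch audits an LDIF export and lists the entries that grant priv-lvl at or above a threshold. The helpdesk and encoded entries, the function names and the threshold parameter are constructed for illustration.

```python
import base64
import re

# Constructed sample LDIF export; only the first entry comes from the thread.
_B64 = base64.b64encode(b'cisco-avpair += "shell:priv-lvl=15"').decode()
SAMPLE_LDIF = """\
dn: cn=priv-15,ou=cisco,ou=radius,dc=example,dc=com
objectClass: radiusObjectProfile
objectClass: radiusprofile
cn: priv-15
radiusReplyItem: cisco-avpair = "shell:priv-lvl=15"

dn: cn=helpdesk,ou=cisco,ou=radius,dc=example,dc=com
objectClass: radiusprofile
radiusReplyItem: cisco-avpair = "shell:priv-
 lvl=1"

dn: cn=encoded,ou=cisco,ou=radius,dc=example,dc=com
objectClass: radiusprofile
radiusReplyItem:: """ + _B64 + "\n"

ITEM_RE = re.compile(r'^\s*([\w.-]+)\s*(:=|\+=|=)\s*"?(.*?)"?\s*$')
PRIV_RE = re.compile(r'^shell:priv-lvl[=*](\d+)$', re.IGNORECASE)

def parse_ldif(text):
    """Yield (dn, {attr: [values]}), handling folded lines and base64 values."""
    unfolded = re.sub(r'\n ', '', text)            # RFC 2849 line folding
    for block in re.split(r'\n\s*\n', unfolded.strip()):
        attrs = {}
        for line in (l for l in block.splitlines() if l and not l.startswith('#')):
            name, _, value = line.partition(':')
            if value.startswith(':'):              # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode('utf-8')
            attrs.setdefault(name.lower(), []).append(value.strip())
        if 'dn' in attrs:
            yield attrs['dn'][0], attrs

def privileged_profiles(ldif_text, threshold=15):
    """Return [(dn, level)] for entries whose reply items grant priv-lvl >= threshold."""
    hits = []
    for dn, attrs in parse_ldif(ldif_text):
        for item in attrs.get('radiusreplyitem', []):
            m = ITEM_RE.match(item)
            if m and m.group(1).lower() == 'cisco-avpair':
                av = PRIV_RE.match(m.group(3))
                if av and int(av.group(1)) >= threshold:
                    hits.append((dn, int(av.group(1))))
    return hits
```

Calling privileged_profiles(SAMPLE_LDIF) returns the priv-15 and encoded entries; the folded and base64-encoded values are the cases a plain grep over the export would miss.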