The mapping between radius and ldap attributes is in raddb/ldap.attrmap. You
should edit the file and add any new mapping which you need. The schema files
-is located in doc/RADIUS-LDAPv3.schema. Before adding any radius attributes
+is located in doc/examples/openldap.schema. Before adding any radius attributes
the ldap server schema should be updated. All ldap entries containing radius
attributes should contain at least "objectclass: radiusprofile"
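Review bot: the replaced line keeps the agreement error "The schema files is located", which spans the context line and the changed line; since the sentence is being touched anyway, make it "The schema file is located in doc/examples/openldap.schema". The new file name is OpenLDAP-specific while the next sentence speaks of "the ldap server schema" in general, so it would help to state that this schema is the OpenLDAP one and to say what administrators of other directory servers should load to get the radiusprofile objectclass.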
#
# password_attribute = "userPassword"
-# password_radius_attribute: Defined the RADIUS attribute where the extracted
-# user password will be stored to. Can be used to set it to NT-Password or any
-# other similar attribute instead of the default
-#
-# default: User-Password
-#
-# password_radius_attribute = "NT-Password"
-
# edir_account_policy_check: Specifies if the module has to enforce
# Novell eDirectory account policy check and intruder detection for
# RADIUS users. This will work only if FreeRADIUS is configured to build
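Review bot: dropping the password_radius_attribute block leaves the document with no statement of which RADIUS attribute the value read through password_attribute is stored in; the removed text was the only place that named the default (User-Password) and the NT-Password case. If the option no longer exists, add a sentence saying so and how a value meant for NT-Password should now be mapped, so that an existing password_radius_attribute = "NT-Password" line in a deployed configuration is not left unexplained.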
} }
-NOTE: As LDAP is case insensitive, you should probably also set "lower_user =
-yes" and "lower_time = before" in main section of radiusd.conf, to get limits
-on simultaneous logins working correctly. Otherwise, users will be able get
-large number of sessions, capitalizing parts of their login names.
-
MODULE MESSAGES: On user rejection rlm_ldap will return the following module
messages:
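Review bot: the removed NOTE carried a security caveat, that users can exceed simultaneous-login limits by capitalizing parts of their login names because LDAP is case insensitive, and nothing in the visible lines replaces it. If "lower_user" and "lower_time" are no longer valid in radiusd.conf, keep the caveat and describe the current way to normalize the user name before the session check, rather than deleting the warning together with the obsolete options.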