# to be used by LDAP authentication and authorization module (rlm_ldap)
#
# Format:
-# ItemType RADIUS-Attribute-Name ldapAttributeName
+# ItemType RADIUS-Attribute-Name ldapAttributeName [operator]
#
# Where:
# ItemType = checkItem or replyItem
# RADIUS-Attribute-Name = attribute name in RADIUS dictionary
# ldapAttributeName = attribute name in LDAP schema
+# operator = optional, and may not be present.
+# If not present, defaults to "==" for checkItems,
+# and "=" for replyItems.
+# If present, the operator here should be one
+# of the same operators as defined in the "users"3
+# file ("man users", or "man 5 users").
+# If an operator is present in the value of the
+# LDAP entry (i.e. ":=foo"), then it over-rides
+# both the default, and any operator given here.
#
# If $GENERIC$ is specified as RADIUS-Attribute-Name, the line specifies
# a LDAP attribute which can be used to store any RADIUS
checkItem Calling-Station-Id radiusCallingStationId
checkItem LM-Password lmPassword
checkItem NT-Password ntPassword
+checkItem LM-Password sambaLmPassword
+checkItem NT-Password sambaNtPassword
+checkItem LM-Password dBCSPwd
+checkitem Password-With-Header userPassword
checkItem SMB-Account-CTRL-TEXT acctFlags
checkItem Expiration radiusExpiration
checkItem NAS-IP-Address radiusNASIpAddress
+checkItem Password-With-Header userPassword
replyItem Service-Type radiusServiceType
replyItem Framed-Protocol radiusFramedProtocol
replyItem Port-Limit radiusPortLimit
replyItem Login-LAT-Port radiusLoginLATPort
replyItem Reply-Message radiusReplyMessage
+replyItem Tunnel-Type radiusTunnelType
+replyItem Tunnel-Medium-Type radiusTunnelMediumType
+replyItem Tunnel-Private-Group-Id radiusTunnelPrivateGroupId