# Otherwise, it will use just one server.
server = "ldap.example.org"
- # Port to connect on, defaults to 389. Setting this to
- # 636 will enable LDAPS if start_tls (see below) is not
- # able to be used.
+ # Port to connect on, defaults to 389. Setting this to 636 will enable
+ # LDAPS if start_tls (see below) is not able to be used.
# port = 389
# Administrator account for searching and possibly modifying.
# base_dn = "dc=example,dc=org"
#
+ # Generic valuepair attribute
+ # If set, this will attribute will be retrieved in addition to any
+ # mapped attributes.
+ #
+ # Values should be in the format:
+ # <radius attr> <op> <value>
+ #
+ # Where:
+ # <radius attr>: Is the attribute you wish to create
+ # with any valid list and request qualifiers.
+ # <op>: Is any assignment attribute (=, :=, +=, -=).
+ # <value>: Is the value to parse into the new valuepair.
+ # If the attribute name is wrapped in double
+ # quotes it will be xlat expanded.
+ #
+# valuepair_attribute = "radiusAttribute"
+
+ #
# Mapping of LDAP directory attributes to RADIUS dictionary attributes.
#
# WARNING: Although this format is almost identical to the unlang
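Review bot: The relocated `valuepair_attribute` comment (the added block ending at `# valuepair_attribute = "radiusAttribute"`) says nothing about who may write that LDAP attribute, although it describes values that create attributes "with any valid list and request qualifiers" and can be xlat expanded. Since the move touches this text anyway, I would add `# Anyone able to write this LDAP attribute can influence control and reply items for the user; restrict write access to it in the directory ACLs.` Wording nits in the same block: "this will attribute will be" should read "this attribute will be", and "<op>: Is any assignment attribute" presumably means "assignment operator". "If the attribute name is wrapped in double quotes" looks like it should refer to the value, which is worth confirming against the module's parser.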
# reply:Tunnel-Type := 'radiusTunnelType'
# reply:Tunnel-Medium-Type := 'radiusTunnelMediumType'
# reply:Tunnel-Private-Group-ID := 'radiusTunnelPrivategroupId'
- }
- #
- # Generic valuepair attribute
- # If set, this will attribute will be retrieved in addition to any
- # mapped attributes.
- #
- # Values should be in the format:
- # <radius attr> <op> <value>
- #
- # Where:
- # <radius attr>: Is the attribute you wish to create
- # with any valid list and request qualifiers.
- # <op>: Is any assignment attribute (=, :=, +=, -=).
- # <value>: Is the value to parse into the new valuepair.
- # If the attribute name is wrapped in double
- # quotes it will be xlat expanded.
- #
-# valuepair_attribute = "radiusAttribute"
# Set to yes if you have eDirectory and want to use the universal
# password mechanism.
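Review bot: The `}` removed just before the old `valuepair_attribute` block has no matching `+ }` on the new side in this view. The mapping block holding the `reply:Tunnel-*` examples may therefore be left unclosed ahead of `# Set to yes if you have eDirectory`. If the brace is not re-added on a line outside this hunk, the module configuration would stop parsing, so please confirm brace balance with a config check run (`radiusd -XC`) before merging. The enclosing block opens outside the visible lines, so this is inferred from the markers alone.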
# ldap
# if ((ok || updated) && User-Password) {
# update {
- # control:Auth-Type := ldap
+ # control:Auth-Type := ldap
# }
# }
# Arbitrary attributes (accessible by %{client:<attr>}) are not yet supported.
#
# The following attributes are required:
- # * identifier - IPv4 address, or IPv4 address with prefix, or hostname)
- # * secret - RADIUS shared secret
+ # * identifier - IPv4 address, or IPv4 address with prefix, or hostname.
+ # * secret - RADIUS shared secret.
#
# The following attributes are optional:
# * shortname - Friendly name associated with the client
# Schemas are available in doc/schemas/ldap for openldap and eDirectory
#
attribute {
- identifier = 'radiusClientIdentifier'
- secret = 'radiusClientSecret'
-# shortname = 'radiusClientShortname'
-# nas_type = 'radiusClientType'
-# virtual_server = 'radiusClientVirtualServer'
-# require_message_authenticator = 'radiusClientRequireMa'
+ identifier = 'radiusClientIdentifier'
+ secret = 'radiusClientSecret'
+# shortname = 'radiusClientShortname'
+# nas_type = 'radiusClientType'
+# virtual_server = 'radiusClientVirtualServer'
+# require_message_authenticator = 'radiusClientRequireMa'
}
}