On 27/09/10 11:06 -0400, Francois Gelinas wrote:
Full_Name: Francois Gelinas
Version: 2.3.27
OS: RedHat Enterprise Linux 5
URL:
Submission from: (NULL) (216.252.95.98)
I'm looking for a Cisco LDAP Schema for Radius, I need to pass Cisco proprietary attributes back to my radius server and I want to store them into LDAP.
Here's the list of Cisco attributes I am talking about: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2.1/User_Guide/A_RADAtr.html
I could try to create one myself but how can I get the number to create the entry (like this in pureftpd.schema):
attributetype ( 1.3.6.1.4.1.6981.11.3.1 NAME 'FTPQuotaFiles'
Francois,
Which RADIUS server are you using?
I've had success implementing the cisco-avpair attribute with FreeRADIUS by using just the freeradius.schema. Presumably any other attribute could be implemented in a similar way, assuming that there's a corresponding dictionary file installed within FreeRADIUS. See the 'dictionary.cisco*' files distributed with FreeRADIUS for a list of attributes that should work out of the box.
With the freeradius schema, any Cisco dictionary attribute can be implemented via the radiusReplyItem LDAP attribute. For instance:
dn: cn=priv-15,ou=cisco,ou=radius,dc=example,dc=com
objectClass: radiusObjectProfile
objectClass: radiusprofile
cn: priv-15
radiusReplyItem: cisco-avpair = "shell:priv-lvl=15"
If you really want to create your own schema (which wouldn't be necessary with the above approach), I'd recommend registering an enterprise number with IANA, which you could then use to create your own globally unique schema hierarchy underneath:
1.3.6.1.4.1.<your enterprise number>.x...
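An added example, not part of the original message or of FreeRADIUS: since a radiusReplyItem value such as the one above hands out privilege level 15, this Python sketch audits an LDIF export for profiles that grant a given shell:priv-lvl. The sample entries other than cn=priv-15 and the function names are assumptions made for illustration.

```python
import base64
import re

# Constructed sample data (not from a real directory). One value is folded and
# one is base64-encoded, both legal LDIF (RFC 2849), to exercise the parser.
_FOLDED = 'radiusReplyItem: cisco-avpair = "shell:pri\n v-lvl=1"'
_B64 = base64.b64encode(b'cisco-avpair = "shell:priv-lvl=15"').decode()
SAMPLE_LDIF = f"""\
dn: cn=priv-15,ou=cisco,ou=radius,dc=example,dc=com
objectClass: radiusprofile
radiusReplyItem: cisco-avpair = "shell:priv-lvl=15"

dn: cn=helpdesk,ou=cisco,ou=radius,dc=example,dc=com
objectClass: radiusprofile
{_FOLDED}

dn: cn=noc,ou=cisco,ou=radius,dc=example,dc=com
objectClass: radiusprofile
radiusReplyItem:: {_B64}
"""

# FreeRADIUS reply items are written as: Attribute <op> "value" (op is =, := or +=)
PRIV = re.compile(r'cisco-avpair\s*[:+]?=\s*"shell:priv-lvl=(\d+)"', re.I)

def parse_ldif(text):
    """Yield one dict per entry: lowercase attribute name -> list of values."""
    text = re.sub(r"\n ", "", text)          # unfold continuation lines
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):         # "attr:: <base64 value>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            entry.setdefault(name.lower(), []).append(value)
        yield entry

def privileged_profiles(text, threshold=15):
    """Return [(dn, level)] for profiles whose reply item grants >= threshold."""
    hits = []
    for entry in parse_ldif(text):
        for item in entry.get("radiusreplyitem", []):
            m = PRIV.search(item)
            if m and int(m.group(1)) >= threshold:
                hits.append((entry["dn"][0], int(m.group(1))))
    return hits
```

Feeding it the output of an export of the ou=radius subtree gives a quick list of profiles to review whenever group membership or reply items change.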