Full_Name: Francois Gelinas
Version: 2.3.27
OS: RedHat Enterprise Linux 5
URL:
Submission from: (NULL) (216.252.95.98)
I'm looking for a Cisco LDAP Schema for Radius. I need to pass Cisco proprietary attributes back to my radius server and I want to store them in ldap.
Here's the list of cisco attributes I am talking about: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2.1/User_Guide/A_RADAtr.html
I could try to create one myself, but how can I get the number to create the entry (like this in pureftpd.schema)?
attributetype ( 1.3.6.1.4.1.6981.11.3.1 NAME 'FTPQuotaFiles'
Francois Gelinas
Directeur Technique - IT Manager
Colba.Net Inc.
6465 Route Trans-canadienne
Ville St-Laurent (Québec), H4T 1S3
Tél: (514) 856-3500 ext. 2236
Tél: (888) 477-7189 ext. 2236
Fax: (514) 856-9506
email: francois.gelinas@colba.net
On 27/09/10 11:06 -0400, Francois Gelinas wrote:
> Full_Name: Francois Gelinas
> Version: 2.3.27
> OS: RedHat Enterprise Linux 5
> URL:
> Submission from: (NULL) (216.252.95.98)
>
> I'm looking for a Cisco LDAP Schema for Radius. I need to pass Cisco proprietary attributes back to my radius server and I want to store them in ldap.
>
> Here's the list of cisco attributes I am talking about: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2.1/User_Guide/A_RADAtr.html
>
> I could try to create one myself, but how can I get the number to create the entry (like this in pureftpd.schema)?
>
> attributetype ( 1.3.6.1.4.1.6981.11.3.1 NAME 'FTPQuotaFiles'

Francois,
Which RADIUS server are you using?
I've had success implementing the cisco-avpair attribute with FreeRADIUS by using just the freeradius.schema. Presumably any other attribute could be implemented in a similar way, assuming that there's a corresponding dictionary file installed within FreeRADIUS. See the 'dictionary.cisco*' files distributed with FreeRADIUS for a list of attributes that should work out of the box.
With the freeradius schema, any Cisco dictionary attribute can be implemented via the radiusReplyItem LDAP attribute. For instance:

    dn: cn=priv-15,ou=cisco,ou=radius,dc=example,dc=com
    objectClass: radiusObjectProfile
    objectClass: radiusprofile
    cn: priv-15
    radiusReplyItem: cisco-avpair = "shell:priv-lvl=15"

If you really want to create your own schema (which wouldn't be necessary with the above approach), I'd recommend registering an enterprise number with IANA, which you could then use to create your own globally unique schema hierarchy underneath:
1.3.6.1.4.1.<your enterprise number>.x...
Thank you, I am using FreeRadius and the ReplyItem did the trick; I can now set my QoS per user.
-----Original Message-----
From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Dan White
Sent: 28 September 2010 00:18
To: Francois Gelinas
Cc: openldap-technical@openldap.org
Subject: Re: OpenLDAP and Radius and Cisco attributes
On 27/09/10 11:06 -0400, Francois Gelinas wrote:
> Full_Name: Francois Gelinas
> Version: 2.3.27
> OS: RedHat Enterprise Linux 5
> URL:
> Submission from: (NULL) (216.252.95.98)
>
> I'm looking for a Cisco LDAP Schema for Radius. I need to pass Cisco proprietary attributes back to my radius server and I want to store them in ldap.
>
> Here's the list of cisco attributes I am talking about: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2.1/User_Guide/A_RADAtr.html
>
> I could try to create one myself, but how can I get the number to create the entry (like this in pureftpd.schema)?
>
> attributetype ( 1.3.6.1.4.1.6981.11.3.1 NAME 'FTPQuotaFiles'

Francois,
Which RADIUS server are you using?
I've had success implementing the cisco-avpair attribute with FreeRADIUS by using just the freeradius.schema. Presumably any other attribute could be implemented in a similar way, assuming that there's a corresponding dictionary file installed within FreeRADIUS. See the 'dictionary.cisco*' files distributed with FreeRADIUS for a list of attributes that should work out of the box.
With the freeradius schema, any Cisco dictionary attribute can be implemented via the radiusReplyItem LDAP attribute. For instance:

    dn: cn=priv-15,ou=cisco,ou=radius,dc=example,dc=com
    objectClass: radiusObjectProfile
    objectClass: radiusprofile
    cn: priv-15
    radiusReplyItem: cisco-avpair = "shell:priv-lvl=15"

If you really want to create your own schema (which wouldn't be necessary with the above approach), I'd recommend registering an enterprise number with IANA, which you could then use to create your own globally unique schema hierarchy underneath:
1.3.6.1.4.1.<your enterprise number>.x...
-- Dan White
On Monday, 27 September 2010 16:06:56 Francois Gelinas wrote:
> Full_Name: Francois Gelinas
> Version: 2.3.27
> OS: RedHat Enterprise Linux 5
> URL:
> Submission from: (NULL) (216.252.95.98)
>
> I'm looking for a Cisco LDAP Schema for Radius. I need to pass Cisco proprietary attributes back to my radius server and I want to store them in ldap.
>
> Here's the list of cisco attributes I am talking about: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2.1/User_Guide/A_RADAtr.html

What RADIUS server are you using?
For example, freeradius ships with an LDAP schema, which defines e.g. radiusReplyItem, so your ldif would look like this:

    dn: .....
    ...
    objectclass: radiusProfile
    ...
    radiusReplyItem: Cisco-AVPair += "ssid=myssid"

But, see the documentation for your RADIUS server for more detail.
Regards, Buchan
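
Because radiusReplyItem values such as the `shell:priv-lvl=15` entry in Dan White's reply and the `Cisco-AVPair +=` entry in Buchan's reply decide what a device grants a user, it is worth auditing which LDAP profiles hand out privileged shell access. The following is an added example, not code from the thread participants or from FreeRADIUS: it parses an LDIF export (including folded lines, which a plain grep would miss) and lists the profiles granting a privilege level at or above a threshold. The `wifi` and `noc` entries, the function names and the default threshold are assumptions made for the illustration.

```python
import re

# Constructed sample: the first entry is the one from the thread; the others are made up.
SAMPLE_LDIF = """\
dn: cn=priv-15,ou=cisco,ou=radius,dc=example,dc=com
objectClass: radiusObjectProfile
objectClass: radiusprofile
cn: priv-15
radiusReplyItem: cisco-avpair = "shell:priv-lvl=15"

dn: cn=wifi,ou=cisco,ou=radius,dc=example,dc=com
radiusReplyItem: Cisco-AVPair += "ssid=myssid"
radiusReplyItem: Cisco-AVPair += "shell:priv-lvl=1"

dn: cn=noc,ou=cisco,ou=radius,dc=example,dc=com
radiusReplyItem: Cisco-AVPair := "shell:priv-
 lvl=15"
"""

# FreeRADIUS-style item: <attribute> <operator> <value>, value optionally quoted.
REPLY_ITEM = re.compile(r'^\s*([\w-]+)\s*(:=|\+=|==|=)\s*"?(.*?)"?\s*$')
PRIV_LVL = re.compile(r"shell:priv-lvl[=*](\d+)")  # '=' mandatory, '*' optional

def parse_ldif(text):
    """Yield (dn, {attr_lower: [values]}); folded lines are rejoined first."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # RFC 2849 folding
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def privileged_profiles(text, threshold=15):
    """(dn, level) for each profile whose reply items grant priv-lvl >= threshold."""
    hits = []
    for dn, attrs in parse_ldif(text):
        for item in attrs.get("radiusreplyitem", []):
            m = REPLY_ITEM.match(item)
            if m and m.group(1).lower() == "cisco-avpair":
                lvl = PRIV_LVL.fullmatch(m.group(3).strip())
                if lvl and int(lvl.group(1)) >= threshold:
                    hits.append((dn, int(lvl.group(1))))
    return hits

if __name__ == "__main__":
    print(privileged_profiles(SAMPLE_LDIF))
```

Base64-encoded values (`attr:: ...`) are not decoded by this sketch, so an export containing them needs decoding before the check is meaningful.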
openldap-technical@openldap.org