I was wondering the same thing :-) On the subject of getting the attributes from LDAP, the Cisco AV pairs are just another AV Pair. Sure, Cisco have broken their AVs up with sub-AVs, but it's still just passing a value back from LDAP and manipulating the format so that it is placed correctly into the correct AV.
The priv-level (as you have clearly worked out) is presented as...

Cisco-AV-Pair=priv-level=<value>

<value> = 0 to 15

If you have an attribute in your LDAP schema that is called Cisco-AV-Pair and it contains the string "priv-level=15", then you should be able to return that attribute and map it to the contents of the Cisco-AV-Pair RADIUS attribute.

I don't *think* it's any different to mapping any other string-based AV Pair.

Rgds,

Guy

On 19/02/2008, Ivan Kalik <[EMAIL PROTECTED]> wrote:
> And why do you have password in two locations? If you store it in Ldap
> you don't need it in users file and vice versa.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> On 19/2/2008, "David W Bell" <[EMAIL PROTECTED]> wrote:
>
> >Hi there.
> >
> >My Saga continues....
> >
> >I have freeRADIUS working with openLDAP and can log into CISCO kit and
> >pass the priv-level from the raddb/users file.
> >
> >Is there any way that this information can be passed from the openLDAP
> >user details instead?
> >
> >I am looking to do a single-signon system and it seems a little awkward
> >to have to change a password (as is required in the users file) in 2
> >locations.
> >
> >Thanks
> >
> >David
> >-
> >List info/subscribe/unsubscribe? See
> >http://www.freeradius.org/list/users.html
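
The mapping discussed in this thread, as an added Python example that is not from the posters or from FreeRADIUS: it reads the string from an LDAP attribute named Cisco-AV-Pair, accepts it only if it is exactly `priv-level=<0 to 15>`, and packs it as a Cisco vendor-specific RADIUS attribute (type 26, vendor 9, sub-type 1). The entry layout, sample values and function names are assumptions; the value format is the one given in the thread.

```python
import struct

VENDOR_SPECIFIC = 26         # RADIUS Vendor-Specific attribute type (RFC 2865)
CISCO_VENDOR_ID = 9          # Cisco's IANA enterprise number
CISCO_AVPAIR = 1             # Cisco sub-type carrying "name=value" strings
LDAP_ATTR = "Cisco-AV-Pair"  # LDAP attribute name as used in the thread

def parse_priv_level(value):
    """Return the level from 'priv-level=<0..15>', else raise ValueError."""
    name, sep, number = value.strip().partition("=")
    if name != "priv-level" or not sep:
        raise ValueError("not a priv-level pair: %r" % value)
    # Plain ASCII digits only, so '+15', ' 15' or '15;x' are refused.
    if not (number.isascii() and number.isdigit() and len(number) <= 2):
        raise ValueError("malformed level: %r" % value)
    level = int(number)
    if level > 15:
        raise ValueError("level out of range 0..15: %d" % level)
    return level

def encode_cisco_avpair(text):
    """Pack one AV pair string as a RADIUS Vendor-Specific attribute."""
    data = text.encode("ascii")
    sub = struct.pack("!BB", CISCO_AVPAIR, len(data) + 2) + data
    body = struct.pack("!I", CISCO_VENDOR_ID) + sub
    if len(body) + 2 > 255:
        raise ValueError("AV pair too long for one RADIUS attribute")
    return struct.pack("!BB", VENDOR_SPECIFIC, len(body) + 2) + body

def reply_avpairs(ldap_entry, attr=LDAP_ATTR):
    """Validate each LDAP value and return the encoded reply attributes."""
    encoded = []
    for raw in ldap_entry.get(attr, []):
        level = parse_priv_level(raw)  # raises on anything unexpected
        encoded.append(encode_cisco_avpair("priv-level=%d" % level))
    return encoded

# Constructed sample entry, shaped like a typical LDAP search result.
SAMPLE_ENTRY = {"uid": ["netadmin"], LDAP_ATTR: ["priv-level=15"]}

if __name__ == "__main__":
    for attribute in reply_avpairs(SAMPLE_ENTRY):
        print(attribute.hex())
```

Rejecting malformed or out-of-range values before they reach the reply keeps a bad directory entry from turning into an unintended privilege level on the device.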