Re: RADIUS-LDAPv3.schema attribute description(s)

2007-09-14 Thread Kostas Kalevras 

O/H Turbo Fredriksson έγραψε:

Quoting Turbo Fredriksson <[EMAIL PROTECTED]>:

  

Is there any documentation of the attributes in the LDAP
schema?

I'm trying to write a GUI manager for RADIUS (actually a
'plugin' to my http://phpQLAdmin.com) but I don't know
how to write the lead text to the form...



Cross referencing with the ldap.attrmap, I managed to make
the following patch. But a DESCription like:

DESC 'replyItem: Reply-Message'

for the LDAP attribute 'radiusReplyMessage', it kind'a sucks.
Maybe there's better documentation for the RADIUS attribute.
I'll check...


But that still leaves no mapping for the following RADIUS
attributes:

  dialupAccess
  

See doc/rlm_ldap


  radiusArapFeatures
  radiusArapSecurity
  radiusArapZoneAccess
  radiusClientIPAddress
  
Maped to Client-IP-Address, could be used to only allow access to 
specific client-ip-address for a user



  radiusGroupName
  radiusHint
  

Hint attribute


  radiusHuntgroupName
  

Huntgroups


  radiusLoginTime
  

The Login-Time attribute used by the corresponding module


  radiusPasswordRetry
  radiusProfileDn
  


Used for ldap radius regular profiles. See doc/rlm_ldap


  radiusPrompt
  radiusProxyToRealm
  

Proxy-To-Realm. I think this attribute is deprecated.


  radiusRealm
  

Realm attribute.


  radiusReplicateToRealm
  

Replicate-To-Realm. Again I think this attribute is deprecated.


  radiusStripUserName
  radiusTunnelAssignmentId
  radiusTunnelClientEndpoint
  radiusTunnelMediumType
  radiusTunnelPassword
  radiusTunnelPreference
  radiusTunnelPrivateGroupId
  radiusTunnelServerEndpoint
  radiusTunnelType
  radiusUserCategory
  radiusVSA

At least, they are'nt referenced in ldap.attrmap. Oversight, are these
LDAP attributes deprecated (or not implemented)?

One I recognize is 'radiusRealm'. Must be the RADIUS attribute 'Realm',
right? Shouldn't that be in ldap.attrmap?


If someone could finish the line(s) above ({reply,check}Item) and the
corresponding RADIUS attribute, I'm happy to produce a good patch for
this...

  



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



--
Kostas Kalevras - Network Operations Center
National Technical University of Athens
http://kkalev.wordpress.com

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: RADIUS-LDAPv3.schema attribute description(s)

2007-09-14 Thread Turbo Fredriksson 
Quoting Turbo Fredriksson <[EMAIL PROTECTED]>:

> Is there any documentation of the attributes in the LDAP
> schema?
>
> I'm trying to write a GUI manager for RADIUS (actually a
> 'plugin' to my http://phpQLAdmin.com) but I don't know
> how to write the lead text to the form...

Cross referencing with the ldap.attrmap, I managed to make
the following patch. But a DESCription like:

DESC 'replyItem: Reply-Message'

for the LDAP attribute 'radiusReplyMessage', it kind'a sucks.
Maybe there's better documentation for the RADIUS attribute.
I'll check...


But that still leaves no mapping for the following RADIUS
attributes:

  dialupAccess
  radiusArapFeatures
  radiusArapSecurity
  radiusArapZoneAccess
  radiusClientIPAddress
  radiusGroupName
  radiusHint
  radiusHuntgroupName
  radiusLoginTime
  radiusPasswordRetry
  radiusProfileDn
  radiusPrompt
  radiusProxyToRealm
  radiusRealm
  radiusReplicateToRealm
  radiusStripUserName
  radiusTunnelAssignmentId
  radiusTunnelClientEndpoint
  radiusTunnelMediumType
  radiusTunnelPassword
  radiusTunnelPreference
  radiusTunnelPrivateGroupId
  radiusTunnelServerEndpoint
  radiusTunnelType
  radiusUserCategory
  radiusVSA

At least, they are'nt referenced in ldap.attrmap. Oversight, are these
LDAP attributes deprecated (or not implemented)?

One I recognize is 'radiusRealm'. Must be the RADIUS attribute 'Realm',
right? Shouldn't that be in ldap.attrmap?


If someone could finish the line(s) above ({reply,check}Item) and the
corresponding RADIUS attribute, I'm happy to produce a good patch for
this...

--- ./doc/examples/openldap.schema.orig	2007-09-14 09:27:51.0 +
+++ ./doc/examples/openldap.schema	2007-09-14 09:51:43.0 +
@@ -35,7 +35,7 @@
 attributetype
( 1.3.6.1.4.1.3317.4.3.1.44
  NAME 'radiusAuthType'
- DESC ''
+ DESC 'checkItem: Auth-Type'
  EQUALITY caseIgnoreIA5Match
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  SINGLE-VALUE
@@ -44,7 +44,7 @@
 attributetype
( 1.3.6.1.4.1.3317.4.3.1.4
   NAME 'radiusCallbackId'
-  DESC ''
+  DESC 'replyItem: Callback-Id'
   EQUALITY caseIgnoreIA5Match
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
   SINGLE-VALUE
@@ -53,7 +53,7 @@
 attributetype
( 1.3.6.1.4.1.3317.4.3.1.5
   NAME 'radiusCallbackNumber'
-  DESC ''
+  DESC 'replyItem: Callback-Number'
   EQUALITY caseIgnoreIA5Match
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
   SINGLE-VALUE
@@ -62,7 +62,7 @@
 attributetype
( 1.3.6.1.4.1.3317.4.3.1.6
   NAME 'radiusCalledStationId'
-  DESC ''
+  DESC 'checkItem: Called-Station-Id'
   EQUALITY caseIgnoreIA5Match
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
   SINGLE-VALUE
@@ -71,7 +71,7 @@
 attributetype
( 1.3.6.1.4.1.3317.4.3.1.7
   NAME 'radiusCallingStationId'
-  DESC ''
+  DESC 'checkItem: Calling-Station-Id'
   EQUALITY caseIgnoreIA5Match
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
   SINGLE-VALUE
@@ -80,7 +80,7 @@
 attributetype
( 1.3.6.1.4.1.3317.4.3.1.8
   NAME 'radiusClass'
-  DESC ''
+  DESC 'replyItem: Class'
   EQUALITY caseIgnoreIA5Match
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
@@ -97,7 +97,7 @@
 attributetype
( 1.3.6.1.4.1.3317.4.3.1.9
   NAME 'radiusFilterId'
-  DESC ''
+  DESC 'replyItem: Filter-Id'
   EQUALITY caseIgnoreIA5Match
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
@@ -105,7 +105,7 @@
 attributetype
( 1.3.6.1.4.1.3317.4.3.1.10
   NAME 'radiusFramedAppleTalkLink'
-  DESC ''
+  DESC 'replyItem: Framed-AppleTalk-Link'
   EQUALITY caseIgnoreIA5Match
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
   SINGLE-VALUE
@@ -114,7 +114,7 @@
 attributetype
( 1.3.6.1.4.1.3317.4.3.1.11
   NAME 'radiusFramedAppleTalkNetwork'
-  DESC ''
+  DESC 'replyItem: Framed-AppleTalk-Network'
   EQUALITY caseIgnoreIA5Match
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
@@ -122,7 +122,7 @@
 attributetype
( 1.3.6.1.4.1.3317.4.3.1.12
   NAME 'radiusFramedAppleTalkZone'
-  DESC ''
+  DESC 'replyItem: Framed-AppleTalk-Zone'
   EQUALITY caseIgnoreIA5Match
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
   SINGLE-VALUE
@@ -131,7 +131,7 @@
 attributetype
( 1.3.6.1.4.1.3317.4.3.1.13
   NAME 'radiusFramedCompression'
-  DESC ''
+  DESC 'replyItem: Framed-Compression'
   EQUALITY caseIgnoreIA5Match
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
)
@@ -139,7 +139,7 @@
 attributetype
( 1.3.6.1.4.1.3317.4.3.1.14
   NAME 'radiusFramedIPAddress'
-  DESC ''
+  DESC 'replyItem: Framed-IP-Address'
   EQUALITY caseIgnoreIA5Match
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
   SINGLE-VALUE
@@ -148,7 +148,7 @@
 attributetype
( 1.3.6.1.4.1.3317.4.3.1.15
   NAME 'radiusFramedIPNetmask'
-  DESC ''
+  DESC 'replyItem: Framed-IP-Netmask'
   EQUALITY caseIgnoreIA5Match
   SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
   SINGLE-VALUE
@@ -157,7 +157,