LDAP Simultaneous-use

classic Classic list List threaded Threaded
7 messages Options
| Threaded
Open this post in threaded view
|

LDAP Simultaneous-use

Alex-4
Hi everyone!

I'm trying to configure freeradius to get users from ldap directory.
Currently my configuration works perfectly except for one little detail:
i'm not able to impose the Simultaneous-use limitation. the ldap entry
already has the attribute, but i was not able to make freeradius to get it.

Has someone one example of configuration of rlm_ldap module??

thank you and best regards
Alex
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: LDAP Simultaneous-use

Alan DeKok-2
On Sep 22, 2020, at 4:55 PM, Alex <[hidden email]> wrote:
>
> I'm trying to configure freeradius to get users from ldap directory.
> Currently my configuration works perfectly except for one little detail:
> i'm not able to impose the Simultaneous-use limitation. the ldap entry
> already has the attribute, but i was not able to make freeradius to get it.

  "I did stuff and it didn't work".

  http://wiki.freeradius.org/list-help

> Has someone one example of configuration of rlm_ldap module??

  Describe what you did.  That would help.  Show what happens when a user logs in.  i.e. The debug output, which ALL of the documentation says to post.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: LDAP Simultaneous-use

Alex-4
Hi,
I'm just asking for some advices about the documentation to read.
I'm not saying "it's not working, this is my conf please solve me the
problem".

I'm basing the config on the rlm_ldap config file in mods-available dir and
https://wiki.freeradius.org/modules/Rlm_ldap (in both i'm hot able to find
any reference to Simultaneous-Use attribute and how to map it to an ldap
attribute)

So please, if there is some other documentation detail that I'm missing,
please tell me.

Thank u for your help.

Il giorno mer 23 set 2020 alle ore 14:47 Alan DeKok <
[hidden email]> ha scritto:

> On Sep 22, 2020, at 4:55 PM, Alex <[hidden email]> wrote:
> >
> > I'm trying to configure freeradius to get users from ldap directory.
> > Currently my configuration works perfectly except for one little detail:
> > i'm not able to impose the Simultaneous-use limitation. the ldap entry
> > already has the attribute, but i was not able to make freeradius to get
> it.
>
>   "I did stuff and it didn't work".
>
>   http://wiki.freeradius.org/list-help
>
> > Has someone one example of configuration of rlm_ldap module??
>
>   Describe what you did.  That would help.  Show what happens when a user
> logs in.  i.e. The debug output, which ALL of the documentation says to
> post.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: LDAP Simultaneous-use

Alan DeKok-2
On Sep 23, 2020, at 9:31 AM, Alex <[hidden email]> wrote:
> I'm just asking for some advices about the documentation to read.
> I'm not saying "it's not working, this is my conf please solve me the
> problem".

  OK.

> I'm basing the config on the rlm_ldap config file in mods-available dir and
> https://wiki.freeradius.org/modules/Rlm_ldap (in both i'm hot able to find
> any reference to Simultaneous-Use attribute and how to map it to an ldap
> attribute)

  The server includes about 8000 attributes.  There is *not* documentation on how to set *each individual attribute*.

> So please, if there is some other documentation detail that I'm missing,
> please tell me.

  The mods-available/ldap file contains complete documentation on how to map any LDAP attribute to any RADIUS attribute.  See the "update" section.

  All you need to do is put "Simultaneous-Use = 1" into 'radiusControlAttribute', as the documentation makes clear.

  The documentation does NOT give you instructions for creating every possible configuration.  That's impossible.

  The documentation requires the admin to read it, understand it, and apply it to the current situation.  i.e. it describes how the server works.  Putting the pieces together is up to you.

 Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: LDAP Simultaneous-use

Alex-4
Perfect,
so basically I have to update the "control" attribute set.

Can I use the following syntax in the update section?

update {
....
control:Simultaneous-Use = 'radiusSimultaneousUse'
...
}

I would like to set the simultaneous-use directly mapping a specific
attribute, instead of mapping a "generic" attribute.

Thank you and Best Regards
Alex

Il giorno mer 23 set 2020 alle ore 15:58 Alan DeKok <
[hidden email]> ha scritto:

> On Sep 23, 2020, at 9:31 AM, Alex <[hidden email]> wrote:
> > I'm just asking for some advices about the documentation to read.
> > I'm not saying "it's not working, this is my conf please solve me the
> > problem".
>
>   OK.
>
> > I'm basing the config on the rlm_ldap config file in mods-available dir
> and
> > https://wiki.freeradius.org/modules/Rlm_ldap (in both i'm hot able to
> find
> > any reference to Simultaneous-Use attribute and how to map it to an ldap
> > attribute)
>
>   The server includes about 8000 attributes.  There is *not* documentation
> on how to set *each individual attribute*.
>
> > So please, if there is some other documentation detail that I'm missing,
> > please tell me.
>
>   The mods-available/ldap file contains complete documentation on how to
> map any LDAP attribute to any RADIUS attribute.  See the "update" section.
>
>   All you need to do is put "Simultaneous-Use = 1" into
> 'radiusControlAttribute', as the documentation makes clear.
>
>   The documentation does NOT give you instructions for creating every
> possible configuration.  That's impossible.
>
>   The documentation requires the admin to read it, understand it, and
> apply it to the current situation.  i.e. it describes how the server
> works.  Putting the pieces together is up to you.
>
>  Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: LDAP Simultaneous-use

Alan DeKok-2
On Sep 23, 2020, at 11:18 AM, Alex <[hidden email]> wrote:
>
> Perfect,
> so basically I have to update the "control" attribute set.

  That is what the documentation says.

> Can I use the following syntax in the update section?
>
> update {
> ....
> control:Simultaneous-Use = 'radiusSimultaneousUse'
> ...
> }

  What does the documentation say?

> I would like to set the simultaneous-use directly mapping a specific
> attribute, instead of mapping a "generic" attribute.

  That's nice.  The documentation says how to do that.

  See doc/modules/ldap_howto.rst

  All this is documented.  It shouldn't be necessary to ask "yes, the documentation says that... but can I _really_ do it?"

  The documentation doesn't lie.  And honestly, *trying* something isn't difficult.  And is generally faster than asking questions and waiting for replies.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: LDAP Simultaneous-use

basteon
What you do guys?

чт, 24 сент. 2020 г. в 1:27, Alan DeKok <[hidden email]>:

> On Sep 23, 2020, at 11:18 AM, Alex <[hidden email]> wrote:
>
> >
>
> > Perfect,
>
> > so basically I have to update the "control" attribute set.
>
>
>
>   That is what the documentation says.
>
>
>
> > Can I use the following syntax in the update section?
>
> >
>
> > update {
>
> > ....
>
> > control:Simultaneous-Use = 'radiusSimultaneousUse'
>
> > ...
>
> > }
>
>
>
>   What does the documentation say?
>
>
>
> > I would like to set the simultaneous-use directly mapping a specific
>
> > attribute, instead of mapping a "generic" attribute.
>
>
>
>   That's nice.  The documentation says how to do that.
>
>
>
>   See doc/modules/ldap_howto.rst
>
>
>
>   All this is documented.  It shouldn't be necessary to ask "yes, the
> documentation says that... but can I _really_ do it?"
>
>
>
>   The documentation doesn't lie.  And honestly, *trying* something isn't
> difficult.  And is generally faster than asking questions and waiting for
> replies.
>
>
>
>   Alan DeKok.
>
>
>
>
>
> -
>
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html