radiusprofile entry don't work

classic Classic list List threaded Threaded
12 messages Options
| Threaded
Open this post in threaded view
|

radiusprofile entry don't work

Felice Pizzurro
hi all,

excuse me for my bad english, I'm italian.
i would to create a structure wich control the user's access on a WLAN
by an auth-ldap.
I have create a ldap directory witch basedn dc=unime,dc=it.
now, like is write on the ldap_tutorial in the doc/ directory, i try to
import this ldif file (modified for my interst). the authentication to
be with the EAP-TLS protocol (it work fine) therefore I've deleted the
sections of the passwords and for authentication.

dn: dc=unime,dc=it
objectClass: dcObject
objectClass: organizationUnit
ou: Unime.it Radius
dc: unime

dn: ou=radius,dc=unime,dc=it
objectclass: organizationalunit
ou: radius

dn: ou=profiles,ou=radius,dc=unime,dc=it
objectclass: organizationalunit
ou: profiles

dn: ou=users,ou=radius,dc=unime,dc=it
objectclass: organizationalunit
ou: users

dn: uid=WLAN,ou=profiles,ou=radius,dc=unime,dc=it
objectclass: radiusprofile
uid: WLAN
radiusServiceType: Framed-User
radiusFramedProtocol: PPP
radiusFramedIPNetmask: 255.255.255.0
radiusFramedRouting: None

dn: uid=Felice,ou=users,ou=radius,dc=mydomain,dc=com
objectclass: radiusProfile
uid: Felice
radiusGroupName: WLAN

the entry with uid  =WLAN don't work, this is the message returned is
invalid syntax #0 approximately... I don't have my pc here.

Anyone can help me?
 
 
 --
 Email.it, the professional e-mail, gratis per te: http://www.email.it/f
 
 Sponsor:
 Migliaia di manuali e guide scaricabili su: Hacker, Reti, Webmaster, Windows e non solo...clicca qui
 Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=3412&d=30-6
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: radiusprofile entry don't work

Dusty Doris
> hi all,
>
> excuse me for my bad english, I'm italian.
> i would to create a structure wich control the user's access on a WLAN
> by an auth-ldap.
> I have create a ldap directory witch basedn dc=unime,dc=it.
> now, like is write on the ldap_tutorial in the doc/ directory, i try to
> import this ldif file (modified for my interst). the authentication to
> be with the EAP-TLS protocol (it work fine) therefore I've deleted the
> sections of the passwords and for authentication.
>
> dn: dc=unime,dc=it
> objectClass: dcObject
> objectClass: organizationUnit
> ou: Unime.it Radius
> dc: unime
>
> dn: ou=radius,dc=unime,dc=it
> objectclass: organizationalunit
> ou: radius
>
> dn: ou=profiles,ou=radius,dc=unime,dc=it
> objectclass: organizationalunit
> ou: profiles
>
> dn: ou=users,ou=radius,dc=unime,dc=it
> objectclass: organizationalunit
> ou: users
>
> dn: uid=WLAN,ou=profiles,ou=radius,dc=unime,dc=it
> objectclass: radiusprofile
> uid: WLAN
> radiusServiceType: Framed-User
> radiusFramedProtocol: PPP
> radiusFramedIPNetmask: 255.255.255.0
> radiusFramedRouting: None
>
> dn: uid=Felice,ou=users,ou=radius,dc=mydomain,dc=com
> objectclass: radiusProfile
> uid: Felice
> radiusGroupName: WLAN
>
> the entry with uid  =WLAN don't work, this is the message returned is
> invalid syntax #0 approximately... I don't have my pc here.
>
> Anyone can help me?
>

Check the RADIUS-LDAPv3.schema file that you used.  That howto doc was
using an old one that used uid, the new one uses cn.  Go down to the
objectclass of radiusprofile and look what it says in MUST.  If it says
cn, then you will need to use cn or change that to uid.

example:

dn: cn=WLAN,ou=profiles,ou=radius,dc=unime,dc=it
objectclass: radiusprofile
cn: WLAN
radiusServiceType: ....

OR change that file.

objectclass
   ( 1.3.6.1.4.1.3317.4.3.2.1
      NAME 'radiusprofile'
      SUP top AUXILIARY
      DESC ''
      MUST cn

to

objectclass
   ( 1.3.6.1.4.1.3317.4.3.2.1
      NAME 'radiusprofile'
      SUP top AUXILIARY
      DESC ''
      MUST uid


I'd recommend just using cn, so you don't have to remember to modify it
everytime you install freeradius on a machine.

-Dusty Doris
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: radiusprofile entry don't work

Felice Pizzurro
Dusty Doris ha scritto:

>>hi all,
>>
>>excuse me for my bad english, I'm italian.
>>i would to create a structure wich control the user's access on a WLAN
>>by an auth-ldap.
>>I have create a ldap directory witch basedn dc=unime,dc=it.
>>now, like is write on the ldap_tutorial in the doc/ directory, i try to
>>import this ldif file (modified for my interst). the authentication to
>>be with the EAP-TLS protocol (it work fine) therefore I've deleted the
>>sections of the passwords and for authentication.
>>
>>dn: dc=unime,dc=it
>>objectClass: dcObject
>>objectClass: organizationUnit
>>ou: Unime.it Radius
>>dc: unime
>>
>>dn: ou=radius,dc=unime,dc=it
>>objectclass: organizationalunit
>>ou: radius
>>
>>dn: ou=profiles,ou=radius,dc=unime,dc=it
>>objectclass: organizationalunit
>>ou: profiles
>>
>>dn: ou=users,ou=radius,dc=unime,dc=it
>>objectclass: organizationalunit
>>ou: users
>>
>>dn: uid=WLAN,ou=profiles,ou=radius,dc=unime,dc=it
>>objectclass: radiusprofile
>>uid: WLAN
>>radiusServiceType: Framed-User
>>radiusFramedProtocol: PPP
>>radiusFramedIPNetmask: 255.255.255.0
>>radiusFramedRouting: None
>>
>>dn: uid=Felice,ou=users,ou=radius,dc=mydomain,dc=com
>>objectclass: radiusProfile
>>uid: Felice
>>radiusGroupName: WLAN
>>
>>the entry with uid  =WLAN don't work, this is the message returned is
>>invalid syntax #0 approximately... I don't have my pc here.
>>
>>Anyone can help me?
>>
>>    
>>
>
>Check the RADIUS-LDAPv3.schema file that you used.  That howto doc was
>using an old one that used uid, the new one uses cn.  Go down to the
>objectclass of radiusprofile and look what it says in MUST.  If it says
>cn, then you will need to use cn or change that to uid.
>
>example:
>
>dn: cn=WLAN,ou=profiles,ou=radius,dc=unime,dc=it
>objectclass: radiusprofile
>cn: WLAN
>radiusServiceType: ....
>
>OR change that file.
>
>objectclass
>   ( 1.3.6.1.4.1.3317.4.3.2.1
>      NAME 'radiusprofile'
>      SUP top AUXILIARY
>      DESC ''
>      MUST cn
>
>to
>
>objectclass
>   ( 1.3.6.1.4.1.3317.4.3.2.1
>      NAME 'radiusprofile'
>      SUP top AUXILIARY
>      DESC ''
>      MUST uid
>
>
>I'd recommend just using cn, so you don't have to remember to modify it
>everytime you install freeradius on a machine.
>
>-Dusty Doris
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>__________ NOD32 1.1157 (20050628) Information __________
>
>This message was checked by NOD32 antivirus system.
>http://www.nod32.com
>
>
>
>  
>
I have tryed both solution but don't work!!! :'(
this is the output:

#ldapadd -x -D "cn=Manager,dc=unime,dc=it" -W -f example.ldif
Enter LDAP Password:
adding new entry "ou=radius, dc=unime,dc=it"

adding new entry "ou=profiles, ou=radius,dc=unime,dc=it"

adding new entry "ou=users, ou=radius,dc=unime,dc=it"

adding new entry "cn=WLAN, ou=profiles,ou=radius,dc=unime,dc=it"
ldap_add: Invalid syntax (21)
        additional info: objectclass: value #0 invalid per syntax



I have forgotten:
I have deleted the first entry:

dn: dc=unime,dc=it
objectClass: dcObject
objectClass: organizationUnit
ou: Unime.it Radius
dc: unime


because don't work absolutely.

wtithout this entry the entryes for ou=radius ou=profiles ou=users
works, and I have the error output above.
With this entry I have a error on the first entry .

Anyone can help me??



 
 
 --
 Email.it, the professional e-mail, gratis per te: http://www.email.it/f
 
 Sponsor:
 Personalizza il tuo cellulare con le immagini più divertenti o con le foto di chi ami
*
 Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=3117&d=30-6
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: radiusprofile entry don't work

Dusty Doris
> I have tryed both solution but don't work!!! :'(
> this is the output:
>
> #ldapadd -x -D "cn=Manager,dc=unime,dc=it" -W -f example.ldif
> Enter LDAP Password:
> adding new entry "ou=radius, dc=unime,dc=it"
>
> adding new entry "ou=profiles, ou=radius,dc=unime,dc=it"
>
> adding new entry "ou=users, ou=radius,dc=unime,dc=it"
>
> adding new entry "cn=WLAN, ou=profiles,ou=radius,dc=unime,dc=it"
> ldap_add: Invalid syntax (21)
>         additional info: objectclass: value #0 invalid per syntax
>
>
>
> I have forgotten:
> I have deleted the first entry:
>
> dn: dc=unime,dc=it
> objectClass: dcObject
> objectClass: organizationUnit
> ou: Unime.it Radius
> dc: unime
>
>
> because don't work absolutely.
>
> wtithout this entry the entryes for ou=radius ou=profiles ou=users
> works, and I have the error output above.
> With this entry I have a error on the first entry .
>
> Anyone can help me??
>
>
>
>
>
>  --
>  Email.it, the professional e-mail, gratis per te: http://www.email.it/f
>
>  Sponsor:
>  Personalizza il tuo cellulare con le immagini più divertenti o con le foto di chi ami
> *
>  Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=3117&d=30-6
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: radiusprofile entry don't work

Dusty Doris
In reply to this post by Felice Pizzurro
> I have tryed both solution but don't work!!! :'(
> this is the output:
>
> #ldapadd -x -D "cn=Manager,dc=unime,dc=it" -W -f example.ldif
> Enter LDAP Password:
> adding new entry "ou=radius, dc=unime,dc=it"
>
> adding new entry "ou=profiles, ou=radius,dc=unime,dc=it"
>
> adding new entry "ou=users, ou=radius,dc=unime,dc=it"
>
> adding new entry "cn=WLAN, ou=profiles,ou=radius,dc=unime,dc=it"
> ldap_add: Invalid syntax (21)
>         additional info: objectclass: value #0 invalid per syntax
>

Did you include the RADIUS-LDAPv3.schema into slapd.conf?  You need to
tell openldap about the objectclass radiusprofile.

in slapd.conf
include                /yourpathto/openldap/schema/RADIUS-LDAPv3.schema

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: radiusprofile entry don't work

Felice Pizzurro
Dusty Doris ha scritto:

>>I have tryed both solution but don't work!!! :'(
>>this is the output:
>>
>>#ldapadd -x -D "cn=Manager,dc=unime,dc=it" -W -f example.ldif
>>Enter LDAP Password:
>>adding new entry "ou=radius, dc=unime,dc=it"
>>
>>adding new entry "ou=profiles, ou=radius,dc=unime,dc=it"
>>
>>adding new entry "ou=users, ou=radius,dc=unime,dc=it"
>>
>>adding new entry "cn=WLAN, ou=profiles,ou=radius,dc=unime,dc=it"
>>ldap_add: Invalid syntax (21)
>>        additional info: objectclass: value #0 invalid per syntax
>>
>>    
>>
>
>Did you include the RADIUS-LDAPv3.schema into slapd.conf?  You need to
>tell openldap about the objectclass radiusprofile.
>
>in slapd.conf
>include                /yourpathto/openldap/schema/RADIUS-LDAPv3.schema
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>__________ NOD32 1.1159 (20050630) Information __________
>
>This message was checked by NOD32 antivirus system.
>http://www.nod32.com
>
>
>
>  
>
yes, of course...
I have copied the RADIUS-LDAPv3.schema from the doc/ directory to my
directory /usr/local/etc/openldap/schema, and I import it in the slapd.conf.

this is my ldif file:

dn: ou=radius, dc=unime,dc=it
objectclass: organizationalunit
ou: radius

dn: ou=profiles, ou=radius,dc=unime,dc=it
objectclass: organizationalunit
ou: profiles

dn: ou=users, ou=radius,dc=unime,dc=it
objectclass: organizationalunit
ou: users

dn: cn=WLAN, ou=profiles,ou=radius,dc=unime,dc=it
objectClass: radiusProfile
cn: WLAN
radiusServiceType: Framed-User
radiusFramedProtocol: PPP
radiusFramedIPNetmask: 255.255.255.0
radiusFramedRouting: None

dn: cn=Felice, ou=users,ou=radius,dc=unime,dc=it
objectclass: radiusProfile
cn: Felice
radiusGroupName: WLAN
 
 
 --
 Email.it, the professional e-mail, gratis per te: http://www.email.it/f
 
 Sponsor:
 Giornata faticosa? Rilassati con il Cuscino per Massaggi che vibra!
 Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=2742&d=1-7
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

RE: radiusprofile entry don't work

alan walters
In reply to this post by Felice Pizzurro
Where is the ldif of the client file

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Dusty Doris
Sent: 01 July 2005 13:42
To: FreeRadius users mailing list
Subject: Re: radiusprofile entry don't work

> I have tryed both solution but don't work!!! :'(
> this is the output:
>
> #ldapadd -x -D "cn=Manager,dc=unime,dc=it" -W -f example.ldif
> Enter LDAP Password:
> adding new entry "ou=radius, dc=unime,dc=it"
>
> adding new entry "ou=profiles, ou=radius,dc=unime,dc=it"
>
> adding new entry "ou=users, ou=radius,dc=unime,dc=it"
>
> adding new entry "cn=WLAN, ou=profiles,ou=radius,dc=unime,dc=it"
> ldap_add: Invalid syntax (21)
>         additional info: objectclass: value #0 invalid per syntax
>
>
>
> I have forgotten:
> I have deleted the first entry:
>
> dn: dc=unime,dc=it
> objectClass: dcObject
> objectClass: organizationUnit
> ou: Unime.it Radius
> dc: unime
>
>
> because don't work absolutely.
>
> wtithout this entry the entryes for ou=radius ou=profiles ou=users
> works, and I have the error output above.
> With this entry I have a error on the first entry .
>
> Anyone can help me??
>
>
>
>
>
>  --
>  Email.it, the professional e-mail, gratis per te: http://www.email.it/f
>
>  Sponsor:
>  Personalizza il tuo cellulare con le immagini più divertenti o con le foto di chi ami
> *
>  Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=3117&d=30-6
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: radiusprofile entry don't work

Felice Pizzurro
alan walters ha scritto:

>Where is the ldif of the client file
>
>-----Original Message-----
>From: [hidden email] [mailto:[hidden email]] On Behalf Of Dusty Doris
>Sent: 01 July 2005 13:42
>To: FreeRadius users mailing list
>Subject: Re: radiusprofile entry don't work
>
>  
>
>>I have tryed both solution but don't work!!! :'(
>>this is the output:
>>
>>#ldapadd -x -D "cn=Manager,dc=unime,dc=it" -W -f example.ldif
>>Enter LDAP Password:
>>adding new entry "ou=radius, dc=unime,dc=it"
>>
>>adding new entry "ou=profiles, ou=radius,dc=unime,dc=it"
>>
>>adding new entry "ou=users, ou=radius,dc=unime,dc=it"
>>
>>adding new entry "cn=WLAN, ou=profiles,ou=radius,dc=unime,dc=it"
>>ldap_add: Invalid syntax (21)
>>        additional info: objectclass: value #0 invalid per syntax
>>
>>
>>
>>I have forgotten:
>>I have deleted the first entry:
>>
>>dn: dc=unime,dc=it
>>objectClass: dcObject
>>objectClass: organizationUnit
>>ou: Unime.it Radius
>>dc: unime
>>
>>
>>because don't work absolutely.
>>
>>wtithout this entry the entryes for ou=radius ou=profiles ou=users
>>works, and I have the error output above.
>>With this entry I have a error on the first entry .
>>
>>Anyone can help me??
>>
>>
>>
>>
>>
>> --
>> Email.it, the professional e-mail, gratis per te: http://www.email.it/f
>>
>> Sponsor:
>> Personalizza il tuo cellulare con le immagini più divertenti o con le foto di chi ami
>>*
>> Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=3117&d=30-6
>>-
>>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>>    
>>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>__________ NOD32 1.1159 (20050630) Information __________
>
>This message was checked by NOD32 antivirus system.
>http://www.nod32.com
>
>
>
>  
>
can everyone post-me your RADIUS-LDAPv3.schema, only the section of
objectclass radiusprofile???
 
 
 --
 Email.it, the professional e-mail, gratis per te: http://www.email.it/f
 
 Sponsor:
 Libri e CD musicali - Oltre 12.000 titoli nuovi scontati dal 60 all'80%!
*
 Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=1898&d=1-7
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

change to RADIUS-LDAPv3.schema

Felice Pizzurro
In reply to this post by Felice Pizzurro
HI,

in this mail:

http://lists.cistron.nl/pipermail/freeradius-devel/2002-December/004151.html

i have read that it's need to change the RADIUS-LDAPv3.schema file for
version of openldap >=2.1.4.
I not understand the syntax of this changes, anyone can help me?

I become crazy, my version of openldap 2.2.26 don't work with the
objectclass radiusprofile.
help me please!!!
 
 
 --
 Email.it, the professional e-mail, gratis per te: http://www.email.it/f
 
 Sponsor:
 Niente paura, da oggi puoi recuperare i dati persi dal PC, semplice come cliccare qui
 Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=3361&d=2-7
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: radiusprofile entry don't work

Dusty Doris
In reply to this post by Felice Pizzurro
On Thu, 30 Jun 2005, Felice Pizzurro wrote:

> Dusty Doris ha scritto:
>
> >>I have tryed both solution but don't work!!! :'(
> >>this is the output:
> >>
> >>#ldapadd -x -D "cn=Manager,dc=unime,dc=it" -W -f example.ldif
> >>Enter LDAP Password:
> >>adding new entry "ou=radius, dc=unime,dc=it"
> >>
> >>adding new entry "ou=profiles, ou=radius,dc=unime,dc=it"
> >>
> >>adding new entry "ou=users, ou=radius,dc=unime,dc=it"
> >>
> >>adding new entry "cn=WLAN, ou=profiles,ou=radius,dc=unime,dc=it"
> >>ldap_add: Invalid syntax (21)
> >>        additional info: objectclass: value #0 invalid per syntax
> >>
> >Did you include the RADIUS-LDAPv3.schema into slapd.conf?  You need to
> >tell openldap about the objectclass radiusprofile.
> >
> >in slapd.conf
> >include                /yourpathto/openldap/schema/RADIUS-LDAPv3.schema
> >
> >-
> yes, of course...
> I have copied the RADIUS-LDAPv3.schema from the doc/ directory to my
> directory /usr/local/etc/openldap/schema, and I import it in the slapd.conf.
>
> this is my ldif file:
>
> dn: ou=radius, dc=unime,dc=it
> objectclass: organizationalunit
> ou: radius
>
> dn: ou=profiles, ou=radius,dc=unime,dc=it
> objectclass: organizationalunit
> ou: profiles
>
> dn: ou=users, ou=radius,dc=unime,dc=it
> objectclass: organizationalunit
> ou: users
>
> dn: cn=WLAN, ou=profiles,ou=radius,dc=unime,dc=it
> objectClass: radiusProfile
> cn: WLAN
> radiusServiceType: Framed-User
> radiusFramedProtocol: PPP
> radiusFramedIPNetmask: 255.255.255.0
> radiusFramedRouting: None
>
> dn: cn=Felice, ou=users,ou=radius,dc=unime,dc=it
> objectclass: radiusProfile
> cn: Felice
> radiusGroupName: WLAN
>
>

It looks like it should work to me.  Can you reply and attach that schema
file to the email?  That way I can take a look at it.  Also, be sure to
include the full ldif you are importing.  If you left anything out (such
as userPassword or any other attributes, be sure to include that).

Thanks


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: radiusprofile entry don't work

Felice Pizzurro
Dusty Doris ha scritto:

>On Thu, 30 Jun 2005, Felice Pizzurro wrote:
>
>  
>
>>Dusty Doris ha scritto:
>>
>>    
>>
>>>>I have tryed both solution but don't work!!! :'(
>>>>this is the output:
>>>>
>>>>#ldapadd -x -D "cn=Manager,dc=unime,dc=it" -W -f example.ldif
>>>>Enter LDAP Password:
>>>>adding new entry "ou=radius, dc=unime,dc=it"
>>>>
>>>>adding new entry "ou=profiles, ou=radius,dc=unime,dc=it"
>>>>
>>>>adding new entry "ou=users, ou=radius,dc=unime,dc=it"
>>>>
>>>>adding new entry "cn=WLAN, ou=profiles,ou=radius,dc=unime,dc=it"
>>>>ldap_add: Invalid syntax (21)
>>>>       additional info: objectclass: value #0 invalid per syntax
>>>>
>>>>        
>>>>
>>>Did you include the RADIUS-LDAPv3.schema into slapd.conf?  You need to
>>>tell openldap about the objectclass radiusprofile.
>>>
>>>in slapd.conf
>>>include                /yourpathto/openldap/schema/RADIUS-LDAPv3.schema
>>>
>>>-
>>>      
>>>
>>yes, of course...
>>I have copied the RADIUS-LDAPv3.schema from the doc/ directory to my
>>directory /usr/local/etc/openldap/schema, and I import it in the slapd.conf.
>>
>>this is my ldif file:
>>
>>dn: ou=radius, dc=unime,dc=it
>>objectclass: organizationalunit
>>ou: radius
>>
>>dn: ou=profiles, ou=radius,dc=unime,dc=it
>>objectclass: organizationalunit
>>ou: profiles
>>
>>dn: ou=users, ou=radius,dc=unime,dc=it
>>objectclass: organizationalunit
>>ou: users
>>
>>dn: cn=WLAN, ou=profiles,ou=radius,dc=unime,dc=it
>>objectClass: radiusProfile
>>cn: WLAN
>>radiusServiceType: Framed-User
>>radiusFramedProtocol: PPP
>>radiusFramedIPNetmask: 255.255.255.0
>>radiusFramedRouting: None
>>
>>dn: cn=Felice, ou=users,ou=radius,dc=unime,dc=it
>>objectclass: radiusProfile
>>cn: Felice
>>radiusGroupName: WLAN
>>
>>
>>    
>>
>
>It looks like it should work to me.  Can you reply and attach that schema
>file to the email?  That way I can take a look at it.  Also, be sure to
>include the full ldif you are importing.  If you left anything out (such
>as userPassword or any other attributes, be sure to include that).
>
>Thanks
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>  
>
I have find another RADIUS-LDAP.schema on internet, and now work
perfectly!!!!!
In attached this schema if anyone need it...

You think that a structure with authentication by EAP/TLS and
authorization by LDAP will work?
For this I have deleted the attrybute password, because the
authentication is made via TLS.
I'm trying.... if this solution work I create a little HOWTO


 
 
 --
 Email.it, the professional e-mail, gratis per te: http://www.email.it/f
 
 Sponsor:
 Email.it Phone Card: chiami in tutto il mondo a tariffe imbattibili da tutti i telefoni fissi e cellulari! Clicca e scopri come
 Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=2686&d=2-7
#################################################
##### custom radius attributes ##################

objectIdentifier myOID 1.1
objectIdentifier mySNMP myOID:1
objectIdentifier myLDAP myOID:2
objectIdentifier myRadiusFlag myLDAP:1
objectIdentifier myObjectClass myLDAP:2

attributetype
    ( myRadiusFlag:1
    NAME 'radiusAscendRouteIP'
    DESC 'Ascend VSA Route IP'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    SINGLE-VALUE
    )

attributetype
    (myRadiusFlag:2
    NAME 'radiusAscendIdleLimit'
    DESC 'Ascend VSA Idle Limit'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    SINGLE-VALUE
    )

attributetype
    (myRadiusFlag:3
    NAME 'radiusAscendLinkCompression'
    DESC 'Ascend VSA Link Compression'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    SINGLE-VALUE
    )

attributetype
    (myRadiusFlag:4
    NAME 'radiusAscendAssignIPPool'
    DESC 'Ascend VSA AssignIPPool'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    SINGLE-VALUE
    )


attributetype
    (myRadiusFlag:5
    NAME 'radiusAscendMetric'
    DESC 'Ascend VSA Metric'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    SINGLE-VALUE
    )

#################################################

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.1
      NAME 'radiusArapFeatures'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.2
      NAME 'radiusArapSecurity'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.3
      NAME 'radiusArapZoneAccess'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.44
     NAME 'radiusAuthType'
     DESC ''
     EQUALITY caseIgnoreIA5Match
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
     SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.4
      NAME 'radiusCallbackId'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.5
      NAME 'radiusCallbackNumber'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.6
      NAME 'radiusCalledStationId'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.7
      NAME 'radiusCallingStationId'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.8
      NAME 'radiusClass'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.45
     NAME 'radiusClientIPAddress'
     DESC ''
     EQUALITY caseIgnoreIA5Match
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
     SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.9
      NAME 'radiusFilterId'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.10
      NAME 'radiusFramedAppleTalkLink'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.11
      NAME 'radiusFramedAppleTalkNetwork'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.12
      NAME 'radiusFramedAppleTalkZone'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.13
      NAME 'radiusFramedCompression'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.14
      NAME 'radiusFramedIPAddress'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.15
      NAME 'radiusFramedIPNetmask'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.16
      NAME 'radiusFramedIPXNetwork'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.17
      NAME 'radiusFramedMTU'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.18
      NAME 'radiusFramedProtocol'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.19
      NAME 'radiusFramedRoute'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.20
      NAME 'radiusFramedRouting'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.46
      NAME 'radiusGroupName'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.47
      NAME 'radiusHint'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.48
      NAME 'radiusHuntgroupName'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.21
      NAME 'radiusIdleTimeout'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.22
      NAME 'radiusLoginIPHost'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.23
      NAME 'radiusLoginLATGroup'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.24
      NAME 'radiusLoginLATNode'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.25
      NAME 'radiusLoginLATPort'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.26
      NAME 'radiusLoginLATService'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.27
      NAME 'radiusLoginService'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.28
      NAME 'radiusLoginTCPPort'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.29
      NAME 'radiusPasswordRetry'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.30
      NAME 'radiusPortLimit'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.49
      NAME 'radiusProfileDn'
      DESC ''
      EQUALITY distinguishedNameMatch
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.31
      NAME 'radiusPrompt'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.50
      NAME 'radiusProxyToRealm'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.51
      NAME 'radiusReplicateToRealm'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.52
      NAME 'radiusRealm'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.32
      NAME 'radiusServiceType'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.33
      NAME 'radiusSessionTimeout'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.34
      NAME 'radiusTerminationAction'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.35
      NAME 'radiusTunnelAssignmentId'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.36
      NAME 'radiusTunnelMediumType'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.37
      NAME 'radiusTunnelPassword'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.38
      NAME 'radiusTunnelPreference'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.39
      NAME 'radiusTunnelPrivateGroupId'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.40
      NAME 'radiusTunnelServerEndpoint'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.41
      NAME 'radiusTunnelType'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.42
      NAME 'radiusVSA'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.43
      NAME 'radiusTunnelClientEndpoint'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
   )


#need to change asn1.id
attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.53
      NAME 'radiusSimultaneousUse'
      DESC ''
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.54
      NAME 'radiusLoginTime'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.55
      NAME 'radiusUserCategory'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.56
      NAME 'radiusStripUserName'
      DESC ''
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.57
      NAME 'dialupAccess'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.58
      NAME 'radiusExpiration'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
      SINGLE-VALUE
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.59
      NAME 'radiusCheckItem'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
   )

attributetype
   ( 1.3.6.1.4.1.3317.4.3.1.60
      NAME 'radiusReplyItem'
      DESC ''
      EQUALITY caseIgnoreIA5Match
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
   )


objectclass
   ( 1.3.6.1.4.1.3317.4.3.2.1
      NAME 'radiusprofile'
      SUP top STRUCTURAL
      DESC ''
      MUST ( uid )
      MAY ( userPassword $
            radiusArapFeatures $ radiusArapSecurity $ radiusArapZoneAccess $
            radiusAuthType $ radiusCallbackId $ radiusCallbackNumber $
            radiusCalledStationId $ radiusCallingStationId $ radiusClass $
            radiusClientIPAddress $ radiusFilterId $ radiusFramedAppleTalkLink $
            radiusFramedAppleTalkNetwork $ radiusFramedAppleTalkZone $
            radiusFramedCompression $ radiusFramedIPAddress $
            radiusFramedIPNetmask $ radiusFramedIPXNetwork $
            radiusFramedMTU $ radiusFramedProtocol $
            radiusCheckItem $ radiusReplyItem $
            radiusFramedRoute $ radiusFramedRouting $ radiusIdleTimeout $
            radiusGroupName $ radiusHint $ radiusHuntgroupName $
            radiusLoginIPHost $ radiusLoginLATGroup $ radiusLoginLATNode $
            radiusLoginLATPort $ radiusLoginLATService $ radiusLoginService $
            radiusLoginTCPPort $ radiusLoginTime $ radiusPasswordRetry $
            radiusPortLimit $ radiusPrompt $ radiusProxyToRealm $
            radiusRealm $ radiusReplicateToRealm $ radiusServiceType $
            radiusSessionTimeout $ radiusStripUserName $
            radiusTerminationAction $ radiusTunnelAssignmentId $
            radiusTunnelClientEndpoint $ radiusIdleTimeout $
            radiusLoginIPHost $ radiusLoginLATGroup $ radiusLoginLATNode $
            radiusLoginLATPort $ radiusLoginLATService $ radiusLoginService $
            radiusLoginTCPPort $ radiusPasswordRetry $ radiusPortLimit $
            radiusPrompt $ radiusProfileDn $ radiusServiceType $
            radiusSessionTimeout $ radiusSimultaneousUse $
            radiusTerminationAction $ radiusTunnelAssignmentId $
            radiusTunnelClientEndpoint $ radiusTunnelMediumType $
            radiusTunnelPassword $ radiusTunnelPreference $
            radiusTunnelPrivateGroupId $ radiusTunnelServerEndpoint $
            radiusTunnelType $ radiusUserCategory $ radiusVSA $
            radiusExpiration $ dialupAccess $
            radiusAscendRouteIP $ radiusAscendIdleLimit $
            radiusAscendLinkCompression $
            radiusAscendAssignIPPool $ radiusAscendMetric )
   )

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: radiusprofile entry don't work

Dusty Doris
In reply to this post by Felice Pizzurro
> dn: cn=WLAN, ou=profiles,ou=radius,dc=unime,dc=it
> objectClass: radiusProfile
> cn: WLAN
> radiusServiceType: Framed-User
> radiusFramedProtocol: PPP
> radiusFramedIPNetmask: 255.255.255.0
> radiusFramedRouting: None

I think I know what's wrong.  If you are using the most recent version of
that file, then radiusProfile is an AUXILLARY objectclass.  You MUST have
one structural objectclass for each entry to add to openldap.

That means one of two things.  Either you change your objectclass to
structural, or you add another objectclass that is structural to that
entry.

example:

change radiusprofile objectclass to:

SUP top STRUCTURAL

OR include a structural objectclass in that user

dn: cn=WLAN, ou=profiles,ou=radius,dc=unime,dc=it
objectClass: radiusProfile
objectClass: person
cn: WLAN
sn: WLAN
radiusServiceType: Framed-User
radiusFramedProtocol: PPP
radiusFramedIPNetmask: 255.255.255.0
radiusFramedRouting: None

It may be in your best interest to read up more on ldap, specifically
openldap.  Perhaps subscribe to the openldap mailling list and some
general ones as well.

http://www.openldap.org/lists/
http://lists.fini.net/mailman/listinfo/ldap-interop
http://listserver.itd.umich.edu/cgi-bin/lyris.pl?enter=ldap
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html