puppet-freeradius
Commit ae66f489 authored Feb 1, 2016 by Jonathan Gazeley
Remove FR2 support from ldap module
parent c3e3983f
3 changed files with 1 addition and 200 deletions
manifests/ldap.pp (+1 −2)
templates/ldap.erb (+0 −0)
templates/ldap.fr2.erb (+0 −198)
manifests/ldap.pp (+1 −2)
...
...
@@ -25,7 +25,6 @@ define freeradius::ldap (
$fr_service
=
$::freeradius::params::fr_service
$fr_modulepath
=
$::freeradius::params::fr_modulepath
$fr_group
=
$::freeradius::params::fr_group
$fr_version
=
$::freeradius::params::fr_version
# Validate our inputs
# Hostnames
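Review bot: with the `$fr_version` lookup gone from the top of `freeradius::ldap`, nothing in this define stops it being applied to a node where `$::freeradius::params::fr_version` is still 2, and that node would now receive the FR3-format configuration. Consider an explicit check under `# Validate our inputs` that calls `fail()` for an unsupported version, and record the dropped FR2 support in the README or changelog.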
...
...
@@ -70,7 +69,7 @@ define freeradius::ldap (
mode
=>
'0640'
,
owner
=>
'root'
,
group
=>
$fr_group
,
content
=>
template
(
"freeradius/ldap.
fr
${fr_version}
.
erb"
),
content
=>
template
(
"freeradius/ldap.erb"
),
require
=>
[
Package
[
$fr_package
],
Group
[
$fr_group
]],
notify
=>
Service
[
$fr_service
],
}
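Review bot: the new `content` line keeps a double-quoted string, `template("freeradius/ldap.erb")`, although it no longer interpolates anything; single quotes would match the `'0640'` and `'root'` literals just above it. The commit message mentions only the removal of FR2 support, so it would help to state that `templates/ldap.fr3.erb` is renamed to `templates/ldap.erb`, since anything else that references the old template name will break.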
...
...
templates/ldap.fr3.erb → templates/ldap.erb (+0 −0)
File moved
templates/ldap.fr2.erb deleted 100644 → 0 (+0 −198)
# -*- text -*-
#
# $Id$
# Lightweight Directory Access Protocol (LDAP)
#
# This module definition allows you to use LDAP for
# authorization and authentication.
#
# See raddb/sites-available/default for reference to the
# ldap module in the authorize and authenticate sections.
#
# However, LDAP can be used for authentication ONLY when the
# Access-Request packet contains a clear-text User-Password
# attribute. LDAP authentication will NOT work for any other
# authentication method.
#
# This means that LDAP servers don't understand EAP. If you
# force "Auth-Type = LDAP", and then send the server a
# request containing EAP authentication, then authentication
# WILL NOT WORK.
#
# The solution is to use the default configuration, which does
# work.
#
# Setting "Auth-Type = LDAP" is ALMOST ALWAYS WRONG. We
# really can't emphasize this enough.
#
ldap
<%=
@name
%>
{
#
# Note that this needs to match the name in the LDAP
# server certificate, if you're using ldaps.
<%
@serverarray
.
each
do
|
srv
|
-%>
server = "
<%=
srv
%>
"
<%
end
-%>
identity = "
<%=
@identity
%>
"
password =
<%=
@password
%>
basedn = "
<%=
@basedn
%>
"
filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
#base_filter = "(objectclass=radiusprofile)"
# How many connections to keep open to the LDAP server.
# This saves time over opening a new LDAP socket for
# every authentication request.
ldap_connections_number =
<%=
@max
%>
# How many times the connection can be used before
# being re-established. This is useful for things
# like load balancers, which may exhibit sticky
# behaviour without it. (0) is unlimited.
max_uses =
<%=
@uses
%>
# Port to connect on, defaults to 389. Setting this to
# 636 will enable LDAPS if start_tls (see below) is not
# able to be used.
port =
<%=
@port
%>
# seconds to wait for LDAP query to finish. default: 20
timeout =
<%=
@timeout
%>
# seconds LDAP server has to process the query (server-side
# time limit). default: 20
#
# LDAP_OPT_TIMELIMIT is set to this value.
timelimit = 3
#
# seconds to wait for response of the server. (network
# failures) default: 10
#
# LDAP_OPT_NETWORK_TIMEOUT is set to this value.
net_timeout = 1
#
# This subsection configures the tls related items
# that control how FreeRADIUS connects to an LDAP
# server. It contains all of the "tls_*" configuration
# entries used in older versions of FreeRADIUS. Those
# configuration entries can still be used, but we recommend
# using these.
#
tls {
# Set this to 'yes' to use TLS encrypted connections
# to the LDAP database by using the StartTLS extended
# operation.
#
# The StartTLS operation is supposed to be
# used with normal ldap connections instead of
# using ldaps (port 636) connections
start_tls =
<%=
@starttls
%>
<%
if
@cafile
-%>
cacertfile =
<%=
@cafile
%><%
end
%>
# cacertdir = /path/to/ca/dir/
<%
if
@certfile
-%>
certfile =
<%=
@certfile
%><%
end
%>
<%
if
@keyfile
-%>
keyfile =
<%=
@keyfile
%><%
end
%>
# randfile = /path/to/rnd
# Certificate Verification requirements. Can be:
# "never" (don't even bother trying)
# "allow" (try, but don't fail if the cerificate
# can't be verified)
# "demand" (fail if the certificate doesn't verify.)
#
# The default is "allow"
require_cert = "
<%=
@requirecert
%>
"
}
# default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
# profile_attribute = "radiusProfileDn"
# access_attr = "dialupAccess"
# Mapping of RADIUS dictionary attributes to LDAP
# directory attributes.
dictionary_mapping = ${confdir}/ldap.attrmap
# Set password_attribute = nspmPassword to get the
# user's password from a Novell eDirectory
# backend. This will work ONLY IF FreeRADIUS has been
# built with the --with-edir configure option.
#
# See also the following links:
#
# http://www.novell.com/coolsolutions/appnote/16745.html
# https://secure-support.novell.com/KanisaPlatform/Publishing/558/3009668_f.SAL_Public.html
#
# Novell may require TLS encrypted sessions before returning
# the user's password.
#
# password_attribute = userPassword
# Un-comment the following to disable Novell
# eDirectory account policy check and intruder
# detection. This will work *only if* FreeRADIUS is
# configured to build with --with-edir option.
#
edir_account_policy_check = no
#
# Group membership checking. Disabled by default.
#
# groupname_attribute = cn
# groupmembership_filter = "(|(
&
(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(
&
(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))"
# groupmembership_attribute = radiusGroupName
# compare_check_items = yes
# do_xlat = yes
# access_attr_used_for_allow = yes
#
# The following two configuration items are for Active Directory
# compatibility. If you see the helpful "operations error"
# being returned to the LDAP module, uncomment the next
# two lines.
#
chase_referrals = yes
rebind = yes
#
# By default, if the packet contains a User-Password,
# and no other module is configured to handle the
# authentication, the LDAP module sets itself to do
# LDAP bind for authentication.
#
# THIS WILL ONLY WORK FOR PAP AUTHENTICATION.
#
# THIS WILL NOT WORK FOR CHAP, MS-CHAP, or 802.1x (EAP).
#
# You can disable this behavior by setting the following
# configuration entry to "no".
#
# allowed values: {no, yes}
# set_auth_type = yes
# ldap_debug: debug flag for LDAP SDK
# (see OpenLDAP documentation). Set this to enable
# huge amounts of LDAP debugging on the screen.
# You should only use this if you are an LDAP expert.
#
# default: 0x0000 (no debugging messages)
# Example:(LDAP_DEBUG_FILTER+LDAP_DEBUG_CONNS)
#ldap_debug = 0x0028
#
# Keepalive configuration. This MAY NOT be supported by your
# LDAP library. If these configuration entries appear in the
# output of "radiusd -X", then they are supported. Otherwise,
# they are unsupported, and changing them will do nothing.
#
keepalive {
# LDAP_OPT_X_KEEPALIVE_IDLE
idle =
<%=
@idle
%>
# LDAP_OPT_X_KEEPALIVE_PROBES
probes =
<%=
@probes
%>
# LDAP_OPT_X_KEEPALIVE_INTERVAL
interval =
<%=
@interval
%>
}
}
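Review bot: in the deleted template, `password = <%= @password %>` is emitted without quotes while `identity` and `basedn` are quoted, so a bind password containing whitespace or `#` may not be parsed as intended. The diff for `templates/ldap.erb` is collapsed on this page, so it is worth confirming that the surviving template quotes the value rather than assuming the pattern went away with this file.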