Ashish,

Thanks for the link. I was looking for a sample LDAP schema. Anyway, I used the one from freeradius and got the OpenLDAP server up and running.

Now I have a problem where the SBR doesn't seem to be returning the right attributes. This is what I have done so far.

1. Test accounts are in LDAP.
2. Ldapauth.aut file has been updated as described in points 3 and 4.
3. Attribute List to retrieve from the LDAP server is set. Currently getting the following three:
   a. radiusGroupName
   b. radiusIPAddress
   c. radiusIPNetmask
4. Added a Response section, which maps the responses as follows:

   %Profile = radiusGroupName ; Allows us to use the profiles that exist in the SBR server.
   Framed-IP-Address = radiusIPAddress
   Framed-IP-Netmask = radiusIPNetmask

SBR has no issues connecting to the OpenLDAP server. The debug log from the SBR reads as follows:

02/24/2011 22:24:40 LDAPAUTH: Performing search; base = ou=users,ou=radius,dc=home,dc=net, scope = 2, filter = uid=TST90004D, attrs =
02/24/2011 22:24:40 LDAPAUTH: Search returned objectClass;ou;uid;userPassword;radiusFramedIPAddress;radiusFramedIPNetmask;radiusGroupName
02/24/2011 22:24:40 LDAPAUTH: Search returned DN = "uid=TST90004D,ou=users,ou=radius,dc=home,dc=net"
02/24/2011 22:24:40 LDAPAUTH: Setting variable dn = "uid=TST90004D,ou=users,ou=radius,dc=home,dc=net"
02/24/2011 22:24:40 LDAPAUTH: Bind succeeded for user "TST90004D", dn = "uid=TST90004D,ou=users,ou=radius,dc=home,dc=net"
02/24/2011 22:24:40 LDAPAUTH: Performing search; base = uid=TST90004D,ou=users,ou=radius,dc=home,dc=net, scope = 2, filter = uid=TST90004D, attrs = radiusGroupName,radiusFramedIPAddress,radiusFramedIPNetmask
02/24/2011 22:24:40 LDAPAUTH: Search returned radiusFramedIPAddress;radiusFramedIPNetmask;radiusGroupName
02/24/2011 22:24:40 LDAPAUTH: Search returned DN = "uid=TST90004D,ou=users,ou=radius,dc=home,dc=net"
02/24/2011 22:24:40 LDAPAUTH: Setting variable dn = "uid=TST90004D,ou=users,ou=radius,dc=home,dc=net"
02/24/2011 22:24:40 LDAPAUTH: Authentication attempt = 0, user = TST90004D, server = s1 - Success
02/24/2011 22:24:40 Determined that TST90004D authenticated by plug-in module is the user

However, the attributes are not being returned. Response below.

Sending Access-Request of id 155 to 192.168.50.100 port 1812
    User-Name = "TST90004D"
    User-Password = "test"
    NAS-IP-Address = 192.168.50.53
    NAS-Port = 4471
    Framed-Protocol = PPP
rad_recv: Access-Accept packet from host 192.168.50.100:1812,, length=82
    Class = 0x53425232434ca0afd4cda1faaee8d8c011802901800481998c868002800b81aa94eac3c9c0e0b09a918012800e81a0afd4cda1faaee8d8c0808080ac

After reading the documentation, I am under the impression that the variables defined in the Response section are returned back to the NAS. Is that not correct?

Thanks,
Gaurav
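Added example, not part of the post above and not SBR's own tooling: a cross-check of the names on the right-hand side of the quoted Response mapping against the attribute names the debug log reports as returned by the search. It assumes those right-hand names are meant to match LDAP attribute names; the function names are hypothetical, and the sample inputs are copied from the post.

```python
import re

# Response mapping exactly as quoted in the post (RADIUS attribute = source name).
RESPONSE_MAP = """\
%Profile = radiusGroupName ; Allows us to use the profiles that exist in the SBR server.
Framed-IP-Address = radiusIPAddress
Framed-IP-Netmask = radiusIPNetmask
"""

# Two lines of the second (post-bind) search, copied from the debug log in the post.
DEBUG_LOG = """\
02/24/2011 22:24:40 LDAPAUTH: Performing search; base = uid=TST90004D,ou=users,ou=radius,dc=home,dc=net, scope = 2, filter = uid=TST90004D, attrs = radiusGroupName,radiusFramedIPAddress,radiusFramedIPNetmask
02/24/2011 22:24:40 LDAPAUTH: Search returned radiusFramedIPAddress;radiusFramedIPNetmask;radiusGroupName
"""


def parse_response_map(text):
    """Return {radius_attribute: source_name}, ignoring ';' comments."""
    mapping = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if "=" in line:
            radius_attr, source = (part.strip() for part in line.split("=", 1))
            mapping[radius_attr] = source
    return mapping


def returned_attributes(log):
    """Collect attribute names from 'Search returned a;b;c' lines (not the DN lines)."""
    names = set()
    for line in log.splitlines():
        match = re.search(r"LDAPAUTH: Search returned (?!DN\b)(\S+)$", line)
        if match:
            names.update(n for n in match.group(1).split(";") if n)
    return names


def unmatched_sources(mapping, returned):
    """Mapping entries whose source name never appears among the returned attributes."""
    lowered = {n.lower() for n in returned}  # LDAP attribute names are case-insensitive
    return {r: s for r, s in mapping.items() if s.lower() not in lowered}


if __name__ == "__main__":
    gaps = unmatched_sources(parse_response_map(RESPONSE_MAP), returned_attributes(DEBUG_LOG))
    for radius_attr, source in gaps.items():
        print(f"{radius_attr}: '{source}' not among returned LDAP attributes")
```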