authorNachtfalke <nachtfalkeaw@web.de>2012-01-10 22:23:43 +0100
committerNachtfalke <nachtfalkeaw@web.de>2012-01-10 22:23:43 +0100
commit2f70074833769eac35d0e349fac6bb83271bc929 (patch)
treef73cf3858ffe273693fb013f4f304a27cdf94578 /config/freeradius2/freeradiusmodulesldap.xml
parente079490f37a5ad472336758b78c882daedd7a60e (diff)
Update config/freeradius2/freeradiusmodulesldap.xml
Diffstat (limited to 'config/freeradius2/freeradiusmodulesldap.xml')
-rw-r--r--config/freeradius2/freeradiusmodulesldap.xml277
1 files changed, 271 insertions, 6 deletions
diff --git a/config/freeradius2/freeradiusmodulesldap.xml b/config/freeradius2/freeradiusmodulesldap.xml
index 06a990e7..cf7f5b33 100644
--- a/config/freeradius2/freeradiusmodulesldap.xml
+++ b/config/freeradius2/freeradiusmodulesldap.xml
@@ -98,7 +98,7 @@
</tabs>
<fields>
<field>
- <name>ENABLE LDAP SUPPORT</name>
+ <name>ENABLE LDAP SUPPORT - SERVER 1</name>
<type>listtopic</type>
</field>
<field>
@@ -106,6 +106,7 @@
<fieldname>varmodulesldapenableauthorize</fieldname>
<description><![CDATA[This enables LDAP in authorize section. The ldap module will set Auth-Type to LDAP if it has not already been set. (Default: unchecked)]]></description>
<type>checkbox</type>
+ <enablefields>varmodulesldap2enableauthenticate,varmodulesldapkeepaliveinterval,varmodulesldapkeepaliveprobes,varmodulesldapkeepaliveidle,varmodulesldapmsadcompatibilityenable,varmodulesldapnettimeout,varmodulesldaptimelimit,varmodulesldaptimeout,varmodulesldapldapconnectionsnumber,varmodulesldapbasefilter,varmodulesldapfilter,varmodulesldapbasedn,varmodulesldappassword,varmodulesldapidentity,varmodulesldapserver,varmodulesldap2enableauthorize,varmodulesldap2enableauthenticate,varmodulesldap2server,varmodulesldap2identity,varmodulesldap2password,varmodulesldap2basedn,varmodulesldap2filter,varmodulesldap2basefilter,varmodulesldap2ldapconnectionsnumber,varmodulesldap2timeout,varmodulesldap2timelimit,varmodulesldap2nettimeout,varmodulesldap2msadcompatibilityenable,varmodulesldap2dmiscenable,varmodulesldap2groupenable,varmodulesldap2keepaliveidle,varmodulesldap2keepaliveprobes,varmodulesldap2keepaliveinterval</enablefields>
</field>
<field>
<fielddescr>Enable LDAP For Authentication</fielddescr>
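Review bot: The new `<enablefields>` list on `varmodulesldapenableauthorize` names `varmodulesldap2enableauthenticate` twice (as the first entry and again after `varmodulesldap2enableauthorize`) and never names a server 1 authentication field; the first entry looks like a typo for what is presumably `varmodulesldapenableauthenticate`, the checkbox whose `<fielddescr>` follows in this hunk. The list also repeats every server 2 field that `varmodulesldap2enableauthorize` lists in its own `<enablefields>` later in this commit, so two checkboxes drive the same inputs and their enabled state may depend on which box was toggled last. Limiting this list to the server 1 fields plus `varmodulesldap2enableauthorize` would keep the two blocks independent. The enclosing `<field>` opens above the hunk, so the rest of its definition is not visible here.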
@@ -114,7 +115,7 @@
<type>checkbox</type>
</field>
<field>
- <name>GENERAL CONFIGURATION</name>
+ <name>GENERAL CONFIGURATION - SERVER 1</name>
<type>listtopic</type>
</field>
<field>
@@ -198,7 +199,7 @@
<default_value>1</default_value>
</field>
<field>
- <name>MISCELLANEOUS CONFIGURATION</name>
+ <name>MISCELLANEOUS CONFIGURATION - SERVER 1</name>
<type>listtopic</type>
</field>
<field>
@@ -213,7 +214,7 @@
</options>
</field>
<field>
- <fielddescr>Enable Misc Configuration</fielddescr>
+ <fielddescr>Enable Misc Configuration - SERVER 1</fielddescr>
<fieldname>varmodulesldapdmiscenable</fieldname>
<description><![CDATA[By default the below options are not active in the configuration. (Default: unchecked)]]></description>
<type>checkbox</type>
@@ -244,7 +245,7 @@
<default_value>dialupAccess</default_value>
</field>
<field>
- <name>Group Membership Options</name>
+ <name>Group Membership Options - SERVER 1</name>
<type>listtopic</type>
</field>
<field>
@@ -312,7 +313,7 @@
</options>
</field>
<field>
- <name>KEEPALIVE CONFIGURATION</name>
+ <name>KEEPALIVE CONFIGURATION - SERVER 1</name>
<type>listtopic</type>
</field>
<field>
@@ -339,6 +340,270 @@
<size>80</size>
<default_value>3</default_value>
</field>
+
+
+ <field>
+ <name>ENABLE REDUNDANT LDAP SERVER SUPPORT</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Choose Failover/Loadbalancing Mode</fielddescr>
+ <fieldname>varmodulesldap2failover</fieldname>
+ <description><![CDATA[Choose the interaction of the two LDAP servers: (Default: redundant)<br><br>
+ <b>redundant:</b> If server 1 fails failover to server 2<br>
+ <b>load-balance:</b> The load is balanced 50:50 to both servers<br>
+ <b>redundant-load-balance:</b> The load is balanced 50:50 to both servers. If one is down the other does 100%.]]></description>
+ <type>select</type>
+ <default_value>redundant</default_value>
+ <options>
+ <option><name>Redundant</name><value>redundant</value></option>
+ <option><name>Load-Balance</name><value>load-balance</value></option>
+ <option><name>Redundant-Load-Balance</name><value>redundant-load-balance</value></option>
+ </options>
+ </field>
+ <field>
+ <name>ENABLE LDAP SUPPORT - SERVER 2</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Enable LDAP For Authorization</fielddescr>
+ <fieldname>varmodulesldap2enableauthorize</fieldname>
+ <description><![CDATA[This enables LDAP in authorize section. The ldap module will set Auth-Type to LDAP if it has not already been set. (Default: unchecked)]]></description>
+ <type>checkbox</type>
+ <enablefields>varmodulesldap2enableauthenticate,varmodulesldap2server,varmodulesldap2identity,varmodulesldap2password,varmodulesldap2basedn,varmodulesldap2filter,varmodulesldap2basefilter,varmodulesldap2ldapconnectionsnumber,varmodulesldap2timeout,varmodulesldap2timelimit,varmodulesldap2nettimeout,varmodulesldap2msadcompatibilityenable,varmodulesldap2dmiscenable,varmodulesldap2groupenable,varmodulesldap2keepaliveidle,varmodulesldap2keepaliveprobes,varmodulesldap2keepaliveinterval</enablefields>
+ </field>
+ <field>
+ <fielddescr>Enable LDAP For Authentication</fielddescr>
+ <fieldname>varmodulesldap2enableauthenticate</fieldname>
+ <description><![CDATA[This enables LDAP in authenticate section. Note that this means "check plain-text password against the ldap database", which means that EAP won't work, as it does not supply a plain-text password.]]></description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <name>GENERAL CONFIGURATION - SERVER 2</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Server</fielddescr>
+ <fieldname>varmodulesldap2server</fieldname>
+ <description><![CDATA[No description. (Default: ldap.your.domain )]]></description>
+ <type>input</type>
+ <size>80</size>
+ <default_value>ldap.your.domain</default_value>
+ </field>
+ <field>
+ <fielddescr>Identity</fielddescr>
+ <fieldname>varmodulesldap2identity</fieldname>
+ <description><![CDATA[No description. (Default: cn=admin,o=My Org,c=UA )]]></description>
+ <type>input</type>
+ <size>80</size>
+ <default_value><![CDATA[cn=admin,o=My Org,c=UA]]></default_value>
+ </field>
+ <field>
+ <fielddescr>Password</fielddescr>
+ <fieldname>varmodulesldap2password</fieldname>
+ <description><![CDATA[No description. (Default: mypass)]]></description>
+ <type>password</type>
+ <size>80</size>
+ <default_value>mypass</default_value>
+ </field>
+ <field>
+ <fielddescr>Basedn</fielddescr>
+ <fieldname>varmodulesldap2basedn</fieldname>
+ <description><![CDATA[No description (Default: o=My Org,c=UA )]]></description>
+ <type>input</type>
+ <size>80</size>
+ <default_value><![CDATA[o=My Org,c=UA]]></default_value>
+ </field>
+ <field>
+ <fielddescr>Filter</fielddescr>
+ <fieldname>varmodulesldap2filter</fieldname>
+ <description><![CDATA[No description. (Default: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) )]]></description>
+ <type>input</type>
+ <size>80</size>
+ <default_value><![CDATA[(uid=%{%{Stripped-User-Name}:-%{User-Name}})]]></default_value>
+ </field>
+ <field>
+ <fielddescr>Base Filter</fielddescr>
+ <fieldname>varmodulesldap2basefilter</fieldname>
+ <description><![CDATA[No description. (Default: (objectclass=radiusprofile) )]]></description>
+ <type>input</type>
+ <size>80</size>
+ <default_value><![CDATA[(objectclass=radiusprofile)]]></default_value>
+ </field>
+ <field>
+ <fielddescr>LDAP Connections Number</fielddescr>
+ <fieldname>varmodulesldap2ldapconnectionsnumber</fieldname>
+ <description><![CDATA[How many connections to keep open to the LDAP server. This saves time over opening a new LDAP socket for every authentication request. (Default: 5)]]></description>
+ <type>input</type>
+ <size>80</size>
+ <default_value>5</default_value>
+ </field>
+ <field>
+ <fielddescr>Timeout</fielddescr>
+ <fieldname>varmodulesldap2timeout</fieldname>
+ <description><![CDATA[Seconds to wait for LDAP query to finish. (Default: 4)]]></description>
+ <type>input</type>
+ <size>80</size>
+ <default_value>4</default_value>
+ </field>
+ <field>
+ <fielddescr>Timelimit</fielddescr>
+ <fieldname>varmodulesldap2timelimit</fieldname>
+ <description><![CDATA[Seconds the LDAP server has to process the query (server-side time limit). (Default: 3)]]></description>
+ <type>input</type>
+ <size>80</size>
+ <default_value>3</default_value>
+ </field>
+ <field>
+ <fielddescr>Net Timeout</fielddescr>
+ <fieldname>varmodulesldap2nettimeout</fieldname>
+ <description><![CDATA[Seconds to wait for response of the server because of network failures. (Default: 1)]]></description>
+ <type>input</type>
+ <size>80</size>
+ <default_value>1</default_value>
+ </field>
+ <field>
+ <name>MISCELLANEOUS CONFIGURATION - SERVER 2</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Active Directory Compatibility</fielddescr>
+ <fieldname>varmodulesldap2msadcompatibilityenable</fieldname>
+ <description><![CDATA[If you see the helpful "operations error" being returned to the LDAP module enable this. (Default: Disable)]]></description>
+ <type>select</type>
+ <default_value>Disable</default_value>
+ <options>
+ <option><name>Disable</name><value>Disable</value></option>
+ <option><name>Enable</name><value>Enable</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Enable Misc Configuration</fielddescr>
+ <fieldname>varmodulesldap2dmiscenable</fieldname>
+ <description><![CDATA[By default the below options are not active in the configuration. (Default: unchecked)]]></description>
+ <type>checkbox</type>
+ <enablefields>varmodulesldap2defaultprofile,varmodulesldap2profileattribute,varmodulesldap2accessattr</enablefields>
+ </field>
+ <field>
+ <fielddescr>Default Profile</fielddescr>
+ <fieldname>varmodulesldap2defaultprofile</fieldname>
+ <description><![CDATA[No description. (Default: cn=radprofile,ou=dialup,o=My Org,c=UA )]]></description>
+ <type>input</type>
+ <size>80</size>
+ <default_value><![CDATA[cn=radprofile,ou=dialup,o=My Org,c=UA]]></default_value>
+ </field>
+ <field>
+ <fielddescr>Profile Attribute</fielddescr>
+ <fieldname>varmodulesldap2profileattribute</fieldname>
+ <description><![CDATA[No description. (Default: radiusProfileDn)]]></description>
+ <type>input</type>
+ <size>80</size>
+ <default_value>radiusProfileDn</default_value>
+ </field>
+ <field>
+ <fielddescr>Access Attribute</fielddescr>
+ <fieldname>varmodulesldap2accessattr</fieldname>
+ <description><![CDATA[No description. (Default: dialupAccess)]]></description>
+ <type>input</type>
+ <size>80</size>
+ <default_value>dialupAccess</default_value>
+ </field>
+ <field>
+ <name>Group Membership Options - SERVER 2</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Enable Group Membership Options</fielddescr>
+ <fieldname>varmodulesldap2groupenable</fieldname>
+ <description><![CDATA[By default the below options are not active in the configuration. (Default: unchecked)]]></description>
+ <type>checkbox</type>
+ <enablefields>varmodulesldap2accessattrusedforallow,varmodulesldap2doxlat,varmodulesldap2comparecheckitems,varmodulesldap2groupmembershipattribute,varmodulesldap2groupmembershipfilter,varmodulesldap2groupnameattribute</enablefields>
+ </field>
+ <field>
+ <fielddescr>Groupname Attribute</fielddescr>
+ <fieldname>varmodulesldap2groupnameattribute</fieldname>
+ <description><![CDATA[No description. (Default: cn)]]></description>
+ <type>input</type>
+ <size>80</size>
+ <default_value>cn</default_value>
+ </field>
+ <field>
+ <fielddescr>Groupmembership Filter</fielddescr>
+ <fieldname>varmodulesldap2groupmembershipfilter</fieldname>
+ <description><![CDATA[No description. (Default: (|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn}))) )]]></description>
+ <type>input</type>
+ <size>80</size>
+ <default_value><![CDATA[(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))]]></default_value>
+ </field>
+ <field>
+ <fielddescr>Groupmembership Attribute</fielddescr>
+ <fieldname>varmodulesldap2groupmembershipattribute</fieldname>
+ <description><![CDATA[No description. (Default: radiusGroupName)]]></description>
+ <type>input</type>
+ <size>80</size>
+ <default_value>radiusGroupName</default_value>
+ </field>
+ <field>
+ <fielddescr>Compare Check Items</fielddescr>
+ <fieldname>varmodulesldap2comparecheckitems</fieldname>
+ <description><![CDATA[No description. (Default: Yes)]]></description>
+ <type>select</type>
+ <default_value>Yes</default_value>
+ <options>
+ <option><name>Yes</name><value>yes</value></option>
+ <option><name>No</name><value>no</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Do XLAT</fielddescr>
+ <fieldname>varmodulesldap2doxlat</fieldname>
+ <description><![CDATA[No description. (Default: Yes)]]></description>
+ <type>select</type>
+ <default_value>Yes</default_value>
+ <options>
+ <option><name>Yes</name><value>yes</value></option>
+ <option><name>No</name><value>no</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Access Attribute Used For Allow</fielddescr>
+ <fieldname>varmodulesldap2accessattrusedforallow</fieldname>
+ <description><![CDATA[No description. (Default: Yes)]]></description>
+ <type>select</type>
+ <default_value>Yes</default_value>
+ <options>
+ <option><name>Yes</name><value>yes</value></option>
+ <option><name>No</name><value>no</value></option>
+ </options>
+ </field>
+ <field>
+ <name>KEEPALIVE CONFIGURATION - SERVER 2</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>LDAP OPT X KEEPALIVE IDLE</fielddescr>
+ <fieldname>varmodulesldap2keepaliveidle</fieldname>
+ <description><![CDATA[No description. (Default: 60)]]></description>
+ <type>input</type>
+ <size>80</size>
+ <default_value>60</default_value>
+ </field>
+ <field>
+ <fielddescr>LDAP OPT X KEEPALIVE PROBES</fielddescr>
+ <fieldname>varmodulesldap2keepaliveprobes</fieldname>
+ <description><![CDATA[No description. (Default: 3)]]></description>
+ <type>input</type>
+ <size>80</size>
+ <default_value>3</default_value>
+ </field>
+ <field>
+ <fielddescr>LDAP OPT X KEEPALIVE INTERVAL</fielddescr>
+ <fieldname>varmodulesldap2keepaliveinterval</fieldname>
+ <description><![CDATA[No description. (Default: 3)]]></description>
+ <type>input</type>
+ <size>80</size>
+ <default_value>3</default_value>
+ </field>
</fields>
<custom_delete_php_command>
freeradius_modulesldap_resync();
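Review bot: `varmodulesldap2password` ships with `<default_value>mypass</default_value>` and repeats that value in its description, so a server 2 block saved without edits carries a publicly known bind password into the generated configuration; an empty default with the field marked as required would be safer. The server 2 fields added here also include nothing for transport security, although the description of `varmodulesldap2enableauthenticate` states that plain-text passwords are checked against the directory; if the server 1 block has no such option either, that deserves a follow-up. Separately, the three Yes/No selects (`varmodulesldap2comparecheckitems`, `varmodulesldap2doxlat`, `varmodulesldap2accessattrusedforallow`) use `<default_value>Yes</default_value>` while the option value is `yes`, so the default may not be preselected if the form compares case-sensitively; `<default_value>yes</default_value>` would match.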