diff options
-rw-r--r-- | config/freeradius2/freeradiusmodulesldap.xml | 277 |
1 files changed, 271 insertions, 6 deletions
diff --git a/config/freeradius2/freeradiusmodulesldap.xml b/config/freeradius2/freeradiusmodulesldap.xml index 06a990e7..cf7f5b33 100644 --- a/config/freeradius2/freeradiusmodulesldap.xml +++ b/config/freeradius2/freeradiusmodulesldap.xml @@ -98,7 +98,7 @@ </tabs> <fields> <field> - <name>ENABLE LDAP SUPPORT</name> + <name>ENABLE LDAP SUPPORT - SERVER 1</name> <type>listtopic</type> </field> <field> @@ -106,6 +106,7 @@ <fieldname>varmodulesldapenableauthorize</fieldname> <description><![CDATA[This enables LDAP in authorize section. The ldap module will set Auth-Type to LDAP if it has not already been set. (Default: unchecked)]]></description> <type>checkbox</type> + <enablefields>varmodulesldap2enableauthenticate,varmodulesldapkeepaliveinterval,varmodulesldapkeepaliveprobes,varmodulesldapkeepaliveidle,varmodulesldapmsadcompatibilityenable,varmodulesldapnettimeout,varmodulesldaptimelimit,varmodulesldaptimeout,varmodulesldapldapconnectionsnumber,varmodulesldapbasefilter,varmodulesldapfilter,varmodulesldapbasedn,varmodulesldappassword,varmodulesldapidentity,varmodulesldapserver,varmodulesldap2enableauthorize,varmodulesldap2enableauthenticate,varmodulesldap2server,varmodulesldap2identity,varmodulesldap2password,varmodulesldap2basedn,varmodulesldap2filter,varmodulesldap2basefilter,varmodulesldap2ldapconnectionsnumber,varmodulesldap2timeout,varmodulesldap2timelimit,varmodulesldap2nettimeout,varmodulesldap2msadcompatibilityenable,varmodulesldap2dmiscenable,varmodulesldap2groupenable,varmodulesldap2keepaliveidle,varmodulesldap2keepaliveprobes,varmodulesldap2keepaliveinterval</enablefields> </field> <field> <fielddescr>Enable LDAP For Authentication</fielddescr> @@ -114,7 +115,7 @@ <type>checkbox</type> </field> <field> - <name>GENERAL CONFIGURATION</name> + <name>GENERAL CONFIGURATION - SERVER 1</name> <type>listtopic</type> </field> <field> @@ -198,7 +199,7 @@ <default_value>1</default_value> </field> <field> - <name>MISCELLANEOUS CONFIGURATION</name> + <name>MISCELLANEOUS CONFIGURATION - SERVER 1</name> <type>listtopic</type> </field> <field> @@ -213,7 +214,7 @@ </options> </field> <field> - <fielddescr>Enable Misc Configuration</fielddescr> + <fielddescr>Enable Misc Configuration - SERVER 1</fielddescr> <fieldname>varmodulesldapdmiscenable</fieldname> <description><![CDATA[By default the below options are not active in the configuration. (Default: unchecked)]]></description> <type>checkbox</type> @@ -244,7 +245,7 @@ <default_value>dialupAccess</default_value> </field> <field> - <name>Group Membership Options</name> + <name>Group Membership Options - SERVER 1</name> <type>listtopic</type> </field> <field> @@ -312,7 +313,7 @@ </options> </field> <field> - <name>KEEPALIVE CONFIGURATION</name> + <name>KEEPALIVE CONFIGURATION - SERVER 1</name> <type>listtopic</type> </field> <field> @@ -339,6 +340,270 @@ <size>80</size> <default_value>3</default_value> </field> + + + <field> + <name>ENABLE REDUNDANT LDAP SERVER SUPPORT</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Choose Failover/Loadbalancing Mode</fielddescr> + <fieldname>varmodulesldap2failover</fieldname> + <description><![CDATA[Choose the interaction of the two LDAP servers: (Default: redundant)<br><br> + <b>redundant:</b> If server 1 fails failover to server 2<br> + <b>load-balance:</b> The load is balanced 50:50 to both servers<br> + <b>redundant-load-balance:</b> The load is balanced 50:50 to both servers. If one is down the other does 100%.]]></description> + <type>select</type> + <default_value>redundant</default_value> + <options> + <option><name>Redundant</name><value>redundant</value></option> + <option><name>Load-Balance</name><value>load-balance</value></option> + <option><name>Redundant-Load-Balance</name><value>redundant-load-balance</value></option> + </options> + </field> + <field> + <name>ENABLE LDAP SUPPORT - SERVER 2</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable LDAP For Authorization</fielddescr> + <fieldname>varmodulesldap2enableauthorize</fieldname> + <description><![CDATA[This enables LDAP in authorize section. The ldap module will set Auth-Type to LDAP if it has not already been set. (Default: unchecked)]]></description> + <type>checkbox</type> + <enablefields>varmodulesldap2enableauthenticate,varmodulesldap2server,varmodulesldap2identity,varmodulesldap2password,varmodulesldap2basedn,varmodulesldap2filter,varmodulesldap2basefilter,varmodulesldap2ldapconnectionsnumber,varmodulesldap2timeout,varmodulesldap2timelimit,varmodulesldap2nettimeout,varmodulesldap2msadcompatibilityenable,varmodulesldap2dmiscenable,varmodulesldap2groupenable,varmodulesldap2keepaliveidle,varmodulesldap2keepaliveprobes,varmodulesldap2keepaliveinterval</enablefields> + </field> + <field> + <fielddescr>Enable LDAP For Authentication</fielddescr> + <fieldname>varmodulesldap2enableauthenticate</fieldname> + <description><![CDATA[This enables LDAP in authenticate section. Note that this means "check plain-text password against the ldap database", which means that EAP won't work, as it does not supply a plain-text password.]]></description> + <type>checkbox</type> + </field> + <field> + <name>GENERAL CONFIGURATION - SERVER 2</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Server</fielddescr> + <fieldname>varmodulesldap2server</fieldname> + <description><![CDATA[No description. (Default: ldap.your.domain )]]></description> + <type>input</type> + <size>80</size> + <default_value>ldap.your.domain</default_value> + </field> + <field> + <fielddescr>Identity</fielddescr> + <fieldname>varmodulesldap2identity</fieldname> + <description><![CDATA[No description. (Default: cn=admin,o=My Org,c=UA )]]></description> + <type>input</type> + <size>80</size> + <default_value><![CDATA[cn=admin,o=My Org,c=UA]]></default_value> + </field> + <field> + <fielddescr>Password</fielddescr> + <fieldname>varmodulesldap2password</fieldname> + <description><![CDATA[No description. (Default: mypass)]]></description> + <type>password</type> + <size>80</size> + <default_value>mypass</default_value> + </field> + <field> + <fielddescr>Basedn</fielddescr> + <fieldname>varmodulesldap2basedn</fieldname> + <description><![CDATA[No description (Default: o=My Org,c=UA )]]></description> + <type>input</type> + <size>80</size> + <default_value><![CDATA[o=My Org,c=UA]]></default_value> + </field> + <field> + <fielddescr>Filter</fielddescr> + <fieldname>varmodulesldap2filter</fieldname> + <description><![CDATA[No description. (Default: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) )]]></description> + <type>input</type> + <size>80</size> + <default_value><![CDATA[(uid=%{%{Stripped-User-Name}:-%{User-Name}})]]></default_value> + </field> + <field> + <fielddescr>Base Filter</fielddescr> + <fieldname>varmodulesldap2basefilter</fieldname> + <description><![CDATA[No description. (Default: (objectclass=radiusprofile) )]]></description> + <type>input</type> + <size>80</size> + <default_value><![CDATA[(objectclass=radiusprofile)]]></default_value> + </field> + <field> + <fielddescr>LDAP Connections Number</fielddescr> + <fieldname>varmodulesldap2ldapconnectionsnumber</fieldname> + <description><![CDATA[How many connections to keep open to the LDAP server. This saves time over opening a new LDAP socket for every authentication request. (Default: 5)]]></description> + <type>input</type> + <size>80</size> + <default_value>5</default_value> + </field> + <field> + <fielddescr>Timeout</fielddescr> + <fieldname>varmodulesldap2timeout</fieldname> + <description><![CDATA[Seconds to wait for LDAP query to finish. (Default: 4)]]></description> + <type>input</type> + <size>80</size> + <default_value>4</default_value> + </field> + <field> + <fielddescr>Timelimit</fielddescr> + <fieldname>varmodulesldap2timelimit</fieldname> + <description><![CDATA[Seconds the LDAP server has to process the query (server-side time limit). (Default: 3)]]></description> + <type>input</type> + <size>80</size> + <default_value>3</default_value> + </field> + <field> + <fielddescr>Net Timeout</fielddescr> + <fieldname>varmodulesldap2nettimeout</fieldname> + <description><![CDATA[Seconds to wait for response of the server because of network failures. (Default: 1)]]></description> + <type>input</type> + <size>80</size> + <default_value>1</default_value> + </field> + <field> + <name>MISCELLANEOUS CONFIGURATION - SERVER 2</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Active Directory Compatibility</fielddescr> + <fieldname>varmodulesldap2msadcompatibilityenable</fieldname> + <description><![CDATA[If you see the helpful "operations error" being returned to the LDAP module enable this. (Default: Disable)]]></description> + <type>select</type> + <default_value>Disable</default_value> + <options> + <option><name>Disable</name><value>Disable</value></option> + <option><name>Enable</name><value>Enable</value></option> + </options> + </field> + <field> + <fielddescr>Enable Misc Configuration</fielddescr> + <fieldname>varmodulesldap2dmiscenable</fieldname> + <description><![CDATA[By default the below options are not active in the configuration. (Default: unchecked)]]></description> + <type>checkbox</type> + <enablefields>varmodulesldap2defaultprofile,varmodulesldap2profileattribute,varmodulesldap2accessattr</enablefields> + </field> + <field> + <fielddescr>Default Profile</fielddescr> + <fieldname>varmodulesldap2defaultprofile</fieldname> + <description><![CDATA[No description. (Default: cn=radprofile,ou=dialup,o=My Org,c=UA )]]></description> + <type>input</type> + <size>80</size> + <default_value><![CDATA[cn=radprofile,ou=dialup,o=My Org,c=UA]]></default_value> + </field> + <field> + <fielddescr>Profile Attribute</fielddescr> + <fieldname>varmodulesldap2profileattribute</fieldname> + <description><![CDATA[No description. (Default: radiusProfileDn)]]></description> + <type>input</type> + <size>80</size> + <default_value>radiusProfileDn</default_value> + </field> + <field> + <fielddescr>Access Attribute</fielddescr> + <fieldname>varmodulesldap2accessattr</fieldname> + <description><![CDATA[No description. (Default: dialupAccess)]]></description> + <type>input</type> + <size>80</size> + <default_value>dialupAccess</default_value> + </field> + <field> + <name>Group Membership Options - SERVER 2</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>Enable Group Membership Options</fielddescr> + <fieldname>varmodulesldap2groupenable</fieldname> + <description><![CDATA[By default the below options are not active in the configuration. (Default: unchecked)]]></description> + <type>checkbox</type> + <enablefields>varmodulesldap2accessattrusedforallow,varmodulesldap2doxlat,varmodulesldap2comparecheckitems,varmodulesldap2groupmembershipattribute,varmodulesldap2groupmembershipfilter,varmodulesldap2groupnameattribute</enablefields> + </field> + <field> + <fielddescr>Groupname Attribute</fielddescr> + <fieldname>varmodulesldap2groupnameattribute</fieldname> + <description><![CDATA[No description. (Default: cn)]]></description> + <type>input</type> + <size>80</size> + <default_value>cn</default_value> + </field> + <field> + <fielddescr>Groupmembership Filter</fielddescr> + <fieldname>varmodulesldap2groupmembershipfilter</fieldname> + <description><![CDATA[No description. (Default: (|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn}))) )]]></description> + <type>input</type> + <size>80</size> + <default_value><![CDATA[(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))]]></default_value> + </field> + <field> + <fielddescr>Groupmembership Attribute</fielddescr> + <fieldname>varmodulesldap2groupmembershipattribute</fieldname> + <description><![CDATA[No description. (Default: radiusGroupName)]]></description> + <type>input</type> + <size>80</size> + <default_value>radiusGroupName</default_value> + </field> + <field> + <fielddescr>Compare Check Items</fielddescr> + <fieldname>varmodulesldap2comparecheckitems</fieldname> + <description><![CDATA[No description. (Default: Yes)]]></description> + <type>select</type> + <default_value>Yes</default_value> + <options> + <option><name>Yes</name><value>yes</value></option> + <option><name>No</name><value>no</value></option> + </options> + </field> + <field> + <fielddescr>Do XLAT</fielddescr> + <fieldname>varmodulesldap2doxlat</fieldname> + <description><![CDATA[No description. (Default: Yes)]]></description> + <type>select</type> + <default_value>Yes</default_value> + <options> + <option><name>Yes</name><value>yes</value></option> + <option><name>No</name><value>no</value></option> + </options> + </field> + <field> + <fielddescr>Access Attribute Used For Allow</fielddescr> + <fieldname>varmodulesldap2accessattrusedforallow</fieldname> + <description><![CDATA[No description. (Default: Yes)]]></description> + <type>select</type> + <default_value>Yes</default_value> + <options> + <option><name>Yes</name><value>yes</value></option> + <option><name>No</name><value>no</value></option> + </options> + </field> + <field> + <name>KEEPALIVE CONFIGURATION - SERVER 2</name> + <type>listtopic</type> + </field> + <field> + <fielddescr>LDAP OPT X KEEPALIVE IDLE</fielddescr> + <fieldname>varmodulesldap2keepaliveidle</fieldname> + <description><![CDATA[No description. (Default: 60)]]></description> + <type>input</type> + <size>80</size> + <default_value>60</default_value> + </field> + <field> + <fielddescr>LDAP OPT X KEEPALIVE PROBES</fielddescr> + <fieldname>varmodulesldap2keepaliveprobes</fieldname> + <description><![CDATA[No description. (Default: 3)]]></description> + <type>input</type> + <size>80</size> + <default_value>3</default_value> + </field> + <field> + <fielddescr>LDAP OPT X KEEPALIVE INTERVAL</fielddescr> + <fieldname>varmodulesldap2keepaliveinterval</fieldname> + <description><![CDATA[No description. (Default: 3)]]></description> + <type>input</type> + <size>80</size> + <default_value>3</default_value> + </field> </fields> <custom_delete_php_command> freeradius_modulesldap_resync(); |