Ldap auth ok

2 weeks ago · 96d9a0b2a1
parent a03f58e358
commit 96d9a0b2a1
11 changed files with 368 additions and 11 deletions
--- a/accel-ppp.conf
+++ b/accel-ppp.conf
@ -1,19 +1,17 @@
 [modules]
-#log_syslog
 log_file
+radius
 pptp
 sstp
-radius
 auth_pap
 auth_chap_md5
 auth_mschap_v1
 auth_mschap_v2
 chap-secrets
-ippool
+#ippool
 ipv6_nd
 ipv6_dhcp
 ipv6pool
-#iprange
 pppd_compat

 [common]
@ -23,7 +21,7 @@ single-session=replace
 chap-secrets=/etc/ppp/chap-secrets

 [ppp]
-verbose=0
+verbose=1
 mtu=1550
 mru=1550
 accomp=allow
@ -58,17 +56,19 @@ ipv6-pool=v6pool
 pv6-pool-delegate=v6pool-delegate

 [radius]
+dictionary=/usr/share/accel-ppp/radius/dictionary
 verbose=1
 interim-verbose=1
 server=fc00:b10c:4::eeee,secret123,auth-port=1812,acct-port=1813,req-limit=0,fail-time=0
+gw-ip-address=192.168.95.1

 [dns]
 dns1=8.8.8.8

-[ip-pool]
-gw-ip-address=192.168.95.1
-tunnel=192.168.95.2-254,v4pool
-192.168.95.0/24,v4pool
+#[ip-pool]
+#gw-ip-address=192.168.95.1
+#tunnel=192.168.95.2-254,v4pool
+#192.168.95.0/24,v4pool

 [ipv6-dns]
 dns=2001:4860:4860::8888
--- a/compose.yaml
+++ b/compose.yaml
@ -63,6 +63,20 @@ services:
    networks:
      - proxy-tier

+  phpldapadmin:
+    image: phpldapadmin/phpldapadmin
+    environment:
+      LDAP_HOST: "ldap"
+      LDAP_BASE_DN: "dc=bearns,dc=me"
+      LDAP_USERNAME: "cn=admin,dc=bearns,dc=me"
+      LDAP_LOGIN_OBJECTCLASS: "posixAccount,inetOrgPerson"
+      LDAP_ALLOW_GUEST: true
+      LDAP_PASSWORD: "WlnTd9_mtw5-4"
+    ports:
+      - "8080:8080"
+    networks:
+      - radius-net
+
 networks:
  proxy-tier:
    enable_ipv6: true
--- a/ldap/Dockerfile
+++ b/ldap/Dockerfile
@ -5,8 +5,8 @@ FROM osixia/openldap:1.5.0
 #    {{ LDAP_DOMAIN }}
 #    {{ LDAP_READONLY_USER_USERNAME }}
 #    {{ LDAP_READONLY_USER_PASSWORD_ENCRYPTED }}
-ADD ./*.ldif /container/service/slapd/assets/config/bootstrap/ldif/custom
-ADD ./*.schema /container/service/slapd/assets/config/bootstrap/ldif/custom
+ADD ./*.ldif /seed/ldif/
+ADD ./*.schema /seed/schema/
 ENV LDAP_ORGANISATION="ATerekhin test domain"
 ENV LDAP_DOMAIN="bearns.me"
 ENV LDAP_ADMIN_PASSWORD="WlnTd9_mtw5-4"
@ -14,3 +14,5 @@ ENV LDAP_TLS=false
 ENV LDAP_READONLY_USER=true
 ENV LDAP_OPENLDAP_GID=911
 ENV LDAP_OPENLDAP_UID=911
+ENV LDAP_SEED_INTERNAL_LDIF_PATH="/seed/ldif/"
+ENV LDAP_SEED_INTERNAL_SCHEMA_PATH="/seed/schema/"
--- a/ldap/example_user.ldif
+++ b/ldap/example_user.ldif
@ -0,0 +1,20 @@
+# LDIF Export for cn=uid001,dc=bearns,dc=me
+# Server: LDAP Server (ldap://ldap:389)
+# Total Entries: 1
+#
+# Generated by PLA (http://localhost:8080) on July 20, 2025 8:27 pm
+# Exported by Anonymous
+# Version: v2.2.2-rel-ae0dc2e5
+
+version: 1
+# Entry 1: cn=uid001,dc=bearns,dc=me
+dn: cn=uid001,dc=bearns,dc=me
+cn: uid001
+objectClass: person
+objectClass: uidObject
+objectClass: radiusProfile
+radiusFramedIPAddress: 192.168.95.2
+radiusServiceType: ns/main
+sn: Test user
+uid: user001
+userPassword: 12345678
--- a/ldap/freeradius-clients.ldif
+++ b/ldap/freeradius-clients.ldif
@ -0,0 +1,13 @@
+dn: cn=freeradius-clients,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: freeradius-clients
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.1.1.1.1 NAME 'freeradiusClientIdentifier' DESC 'Client Identifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.1.1.1.2 NAME 'freeradiusClientShortname' DESC 'Client Shortname' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.1.1.1.3 NAME 'freeradiusClientType' DESC 'Client Type' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.1.1.1.4 NAME 'freeradiusClientComment' DESC 'Client comment' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.1.1.1.5 NAME 'freeradiusClientGroupDN' DESC 'Client group membership' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.1.1.1.6 NAME 'freeradiusClientIpV4Binding' DESC 'Client should only be able to access the server from this IPv4 address.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.1.1.1.7 NAME 'freeradiusClientIpV6Binding' DESC 'Client should only be able to access the server from this IPv6 address' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.1.1.1.8 NAME 'freeradiusClientRegion' DESC 'Client region' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcObjectClasses: ( 1.3.6.1.4.1.11344.4.1.1.2.1 NAME 'freeradiusClient' DESC 'freeradiusClient object class' SUP top STRUCTURAL MUST freeradiusClientIdentifier MAY ( freeradiusClientShortname $ freeradiusClientType $ freeradiusClientComment $ freeradiusClientGroupDN $ freeradiusClientIpV4Binding $ freeradiusClientIpV6Binding $ freeradiusClientRegion ) )
+olcObjectClasses: ( 1.3.6.1.4.1.11344.4.1.1.2.2 NAME 'freeradiusAccessDevice' DESC 'freeradiusAccessDevice object class' SUP top STRUCTURAL MUST freeradiusClientIdentifier MAY ( freeradiusClientShortname $ freeradiusClientType $ freeradiusClientComment ) )
--- a/ldap/freeradius-clients.schema
+++ b/ldap/freeradius-clients.schema
@ -0,0 +1,100 @@
+#
+# freeradiusClient is a structural object which provides the base object for all freeradius clients.
+# Only attributes which are common to all clients are provided by this object.
+#
+# freeradiusClient objects may be extended by AUX objects like radiusClient to add protocol specific
+# attributes like radiusSecret.
+#
+# 11344.4.1.1.[1|2]
+# |     | | |   |_ 1. Client attributes. .2 Client objects
+# |     | | |_ Clients
+# |     | |_ Internal
+# |     |_ LDAP Attributes
+# |_ Vendor
+#
+attributetype ( 1.3.6.1.4.1.11344.4.1.1.1.1
+	NAME 'freeradiusClientIdentifier'
+	DESC 'Client Identifier'
+	EQUALITY caseIgnoreMatch
+	ORDERING caseIgnoreOrderingMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.1.1.1.2
+	NAME 'freeradiusClientShortname'
+	DESC 'Client Shortname'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.1.1.1.3
+	NAME 'freeradiusClientType'
+	DESC 'Client Type'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.1.1.1.4
+	NAME 'freeradiusClientComment'
+	DESC 'Client comment'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.1.1.1.5
+	NAME 'freeradiusClientGroupDN'
+	DESC 'Client group membership'
+	EQUALITY distinguishedNameMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+  )
+
+attributetype ( 1.3.6.1.4.1.11344.4.1.1.1.6
+	NAME 'freeradiusClientIpV4Binding'
+	DESC 'Client should only be able to access the server from this IPv4 address.'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.1.1.1.7
+	NAME 'freeradiusClientIpV6Binding'
+	DESC 'Client should only be able to access the server from this IPv6 address'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.1.1.1.8
+	NAME 'freeradiusClientRegion'
+	DESC 'Client region'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+ )
+
+objectclass ( 1.3.6.1.4.1.11344.4.1.1.2.1
+	NAME 'freeradiusClient'
+	DESC 'freeradiusClient object class'
+	SUP top
+	STRUCTURAL
+	MUST ( freeradiusClientIdentifier )
+	MAY ( freeradiusClientShortname $ freeradiusClientType $ freeradiusClientComment $ freeradiusClientGroupDN $ freeradiusClientIpV4Binding $ freeradiusClientIpV6Binding $ freeradiusClientRegion )
+ )
+
+#
+# Similar to a freeradiusClient, but uses an alternative identifier, and represents a device which
+# doesn't communicate directly with the RADIUS server.
+#
+objectclass ( 1.3.6.1.4.1.11344.4.1.1.2.2
+	NAME 'freeradiusAccessDevice'
+	DESC 'freeradiusAccessDevice object class'
+	SUP top
+	STRUCTURAL
+	MUST ( freeradiusClientIdentifier )
+	MAY ( freeradiusClientShortname $ freeradiusClientType $ freeradiusClientComment )
+ )
--- a/ldap/freeradius-policy.ldif
+++ b/ldap/freeradius-policy.ldif
@ -0,0 +1,4 @@
+dn: cn=freeradius-policy,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: freeradius-policy
+olcObjectClasses: ( 1.3.6.1.4.1.11344.4.1.2.2.1 NAME 'freeradiusPolicy' DESC 'A Container Objectclass containing one or more types of <protocol>Profile' SUP top STRUCTURAL MUST cn )
--- a/ldap/freeradius-policy.schema
+++ b/ldap/freeradius-policy.schema
@ -0,0 +1,15 @@
+#
+# 11344.4.1.2.[1|2]
+# |     | | |   |_ .1 Profile attributes, .2 profile objects
+# |     | | |_ Profile
+# |     | |_ Internal
+# |     |_ LDAP Attributes
+# |_ Vendor
+#
+objectclass ( 1.3.6.1.4.1.11344.4.1.2.2.1
+	NAME 'freeradiusPolicy'
+	DESC 'A Container Objectclass containing one or more types of <protocol>Profile'
+	SUP top
+	STRUCTURAL
+	MUST cn
+ )
--- a/ldap/freeradius-radacct.ldif
+++ b/ldap/freeradius-radacct.ldif
@ -0,0 +1,22 @@
+dn: cn=freeradius-radacct,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: freeradius-radacct
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.66 NAME 'radiusAcctAuthentic' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.67 NAME 'radiusAcctInputOctets' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.68 NAME 'radiusAcctInterval' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.69 NAME 'radiusAcctOutputOctets' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.70 NAME 'radiusAcctSessionId' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.71 NAME 'radiusAcctSessionTime' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.72 NAME 'radiusAcctStartTime' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.73 NAME 'radiusAcctStopTime' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.74 NAME 'radiusAcctTerminateCause' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.75 NAME 'radiusAcctUniqueId' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.76 NAME 'radiusAcctUpdateTime' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.77 NAME 'radiusConnectInfoStart' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.78 NAME 'radiusConnectInfoStop' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.79 NAME 'radiusNASIdentifier' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.80 NAME 'radiusNASPort' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.81 NAME 'radiusNASPortId' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.82 NAME 'radiusNASPortType' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.83 NAME 'radiusUserName' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcObjectClasses: ( 1.3.6.1.4.1.11344.4.2.3.2.1 NAME 'radiusacct' SUP top AUXILIARY MAY ( radiusAcctAuthentic $ radiusAcctInputOctets $ radiusAcctInterval $ radiusAcctOutputOctets $ radiusAcctSessionId $ radiusAcctSessionTime $ radiusAcctStartTime $ radiusAcctStopTime $ radiusAcctTerminateCause $ radiusAcctUniqueId $ radiusAcctUpdateTime $ radiusConnectInfoStart $ radiusConnectInfoStop $ radiusNASIdentifier $ radiusNASPort $ radiusNASPortId $ radiusNASPortType $ radiusUserName ) )
--- a/ldap/freeradius-radacct.schema
+++ b/ldap/freeradius-radacct.schema
@ -0,0 +1,159 @@
+#
+# 11344.4.2.3.1
+# |     | | | |_ Accounting attributes (.1) accounting objects
+# |     | | |_ Accounting
+# |     | |_ RADIUS
+# |     |_ LDAP Attributes
+# |_ Vendor
+#
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.66
+	NAME 'radiusAcctAuthentic'
+	DESC ''
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.67
+	NAME 'radiusAcctInputOctets'
+	DESC ''
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.68
+	NAME 'radiusAcctInterval'
+	DESC ''
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.69
+	NAME 'radiusAcctOutputOctets'
+	DESC ''
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.70
+	NAME 'radiusAcctSessionId'
+	DESC ''
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.71
+	NAME 'radiusAcctSessionTime'
+	DESC ''
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.72
+	NAME 'radiusAcctStartTime'
+	DESC ''
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.73
+	NAME 'radiusAcctStopTime'
+	DESC ''
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.74
+	NAME 'radiusAcctTerminateCause'
+	DESC ''
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.75
+	NAME 'radiusAcctUniqueId'
+	DESC ''
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.76
+	NAME 'radiusAcctUpdateTime'
+	DESC ''
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.77
+	NAME 'radiusConnectInfoStart'
+	DESC ''
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.78
+	NAME 'radiusConnectInfoStop'
+	DESC ''
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.79
+	NAME 'radiusNASIdentifier'
+	DESC ''
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.80
+	NAME 'radiusNASPort'
+	DESC ''
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.81
+	NAME 'radiusNASPortId'
+	DESC ''
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.82
+	NAME 'radiusNASPortType'
+	DESC ''
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.83
+	NAME 'radiusUserName'
+	DESC ''
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+ )
+
+objectclass ( 1.3.6.1.4.1.11344.4.2.3.2.1
+	NAME 'radiusacct'
+	SUP top
+	AUXILIARY
+	MAY (  radiusAcctAuthentic $ radiusAcctInputOctets $ radiusAcctInterval $ radiusAcctOutputOctets $ radiusAcctSessionId $ radiusAcctSessionTime $ radiusAcctStartTime $ radiusAcctStopTime $ radiusAcctTerminateCause $ radiusAcctUniqueId $ radiusAcctUpdateTime $ radiusConnectInfoStart $ radiusConnectInfoStop $ radiusNASIdentifier $ radiusNASPort $ radiusNASPortId $ radiusNASPortType $ radiusUserName )
+ )
+
--- a/radius/raddb/mods-available/ldap
+++ b/radius/raddb/mods-available/ldap
@ -139,6 +139,14 @@ ldap {
 		control:			+= 'radiusControlAttribute'
 		request:			+= 'radiusRequestAttribute'
 		reply:				+= 'radiusReplyAttribute'
+
+        # Set connection attributes from ldap
+        #reply:Reply-Message             := 'radiusReplyMessage'
+        reply:Framed-IP-Address     := 'radiusFramedIPAddress'
+        reply:Framed-IP-Netmask     := 'radiusFramedIPNetmask'
+        reply:Framed-MTU                    := 'radiusFramedMTU'
+        NAS-Port-Id := 'radiusServiceType' #Network namespace
+        #reply:Accel-VRF-Name   := 'radiusVRF'
 	}

 	#  Set to yes if you have eDirectory and want to use the universal