From cd8b93d2e609a6f270f5c6d749a474d918c9430a Mon Sep 17 00:00:00 2001 From: Terekhin Alexandr Date: Sun, 20 Jul 2025 23:44:34 +0300 Subject: [PATCH] Ldap auth ok --- accel-ppp.conf | 22 +++-- compose.yaml | 17 ++++ ldap/Dockerfile | 6 +- ldap/example_user.ldif | 19 ++++ ldap/freeradius-clients.ldif | 13 +++ ldap/freeradius-clients.schema | 100 +++++++++++++++++++ ldap/freeradius-policy.ldif | 4 + ldap/freeradius-policy.schema | 15 +++ ldap/freeradius-radacct.ldif | 22 +++++ ldap/freeradius-radacct.schema | 159 +++++++++++++++++++++++++++++++ radius/raddb/mods-available/ldap | 8 ++ 11 files changed, 373 insertions(+), 12 deletions(-) create mode 100644 ldap/example_user.ldif create mode 100644 ldap/freeradius-clients.ldif create mode 100644 ldap/freeradius-clients.schema create mode 100644 ldap/freeradius-policy.ldif create mode 100644 ldap/freeradius-policy.schema create mode 100644 ldap/freeradius-radacct.ldif create mode 100644 ldap/freeradius-radacct.schema diff --git a/accel-ppp.conf b/accel-ppp.conf index c941611..a702fcf 100644 --- a/accel-ppp.conf +++ b/accel-ppp.conf @@ -1,19 +1,17 @@ [modules] -#log_syslog log_file +radius pptp sstp -radius auth_pap auth_chap_md5 auth_mschap_v1 auth_mschap_v2 chap-secrets -ippool +#ippool ipv6_nd ipv6_dhcp ipv6pool -#iprange pppd_compat [common] @@ -23,7 +21,7 @@ single-session=replace chap-secrets=/etc/ppp/chap-secrets [ppp] -verbose=0 +verbose=1 mtu=1550 mru=1550 accomp=allow @@ -36,6 +34,8 @@ ipv6-accept-peer-intf-id=1 lcp-echo-interval=30 lcp-echo-failure=3 lcp-echo-timeout=5 +unit-preallocate=1 +unit-cache=10 [client-ip-range] 
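Review bot: In the `[modules]` hunk, `chap-secrets` stays loaded next to `radius`, and the `chap-secrets=/etc/ppp/chap-secrets` setting is still visible in the following hunk's context, so the local secrets file presumably remains a second credential source beside the new RADIUS/LDAP path. If LDAP is meant to be the only authority, remove the `chap-secrets` module line or add a comment saying why the fallback is kept. With `#ippool` the session's IPv4 address now comes only from the RADIUS reply, so an LDAP entry without `radiusFramedIPAddress`, or two entries carrying the same address, is not caught anywhere in this config. A comment next to `#ippool` such as `# IPv4 comes from RADIUS Framed-IP-Address only; each LDAP user needs a unique radiusFramedIPAddress` would record that dependency.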
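Review bot: `verbose=1` in `[ppp]` here and `level=5` in the later `[log]` hunk both raise logging towards debug output, and the visible `log-file`/`log-debug` targets are `/dev/stdout`, so per-session negotiation and RADIUS detail ends up in the container logs. That helps while bringing LDAP auth up, but usernames, assigned addresses and similar session data are then retained wherever those logs are shipped. Consider restoring the previous values once the setup works, or mark both lines with `# debug only, revert before exposing the VPN endpoint`.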
@@ -58,17 +58,19 @@ ipv6-pool=v6pool pv6-pool-delegate=v6pool-delegate [radius] +dictionary=/usr/share/accel-ppp/radius/dictionary verbose=1 interim-verbose=1 server=fc00:b10c:4::eeee,secret123,auth-port=1812,acct-port=1813,req-limit=0,fail-time=0 +gw-ip-address=192.168.95.1 [dns] dns1=8.8.8.8 -[ip-pool] -gw-ip-address=192.168.95.1 -tunnel=192.168.95.2-254,v4pool -192.168.95.0/24,v4pool +#[ip-pool] +#gw-ip-address=192.168.95.1 +#tunnel=192.168.95.2-254,v4pool +#192.168.95.0/24,v4pool [ipv6-dns] dns=2001:4860:4860::8888 @@ -89,7 +91,7 @@ verbose=1 route-via-gw=1 [log] -level=4 +level=5 log-file=/dev/stdout log-debug=/dev/stdout log-emerg=/dev/stderr diff --git a/compose.yaml b/compose.yaml index 5d4ec60..681e220 100644 --- a/compose.yaml +++ b/compose.yaml @@ -24,6 +24,9 @@ services: ipv6_address: "fc00:b10c:3::ffff" radius-net: ipv6_address: "fc00:b10c:4::ffff" + sysctls: + - net.ipv6.conf.default.disable_ipv6=0 + radius: build: ./radius networks: @@ -63,6 +66,20 @@ services: networks: - proxy-tier + phpldapadmin: + image: phpldapadmin/phpldapadmin + environment: + LDAP_HOST: "ldap" + LDAP_BASE_DN: "dc=bearns,dc=me" + LDAP_USERNAME: "cn=admin,dc=bearns,dc=me" + LDAP_LOGIN_OBJECTCLASS: "posixAccount,inetOrgPerson" + LDAP_ALLOW_GUEST: true + LDAP_PASSWORD: "WlnTd9_mtw5-4" + ports: + - "8080:8080" + networks: + - radius-net + networks: proxy-tier: enable_ipv6: true diff --git a/ldap/Dockerfile b/ldap/Dockerfile index 046a8ba..22a6357 100644 --- a/ldap/Dockerfile +++ b/ldap/Dockerfile @@ -5,8 +5,8 @@ FROM osixia/openldap:1.5.0 # {{ LDAP_DOMAIN }} # {{ LDAP_READONLY_USER_USERNAME }} # {{ LDAP_READONLY_USER_PASSWORD_ENCRYPTED }} -ADD ./*.ldif /container/service/slapd/assets/config/bootstrap/ldif/custom -ADD ./*.schema /container/service/slapd/assets/config/bootstrap/ldif/custom +ADD ./*.ldif /seed/ldif/ +ADD ./*.schema /seed/schema/ ENV LDAP_ORGANISATION="ATerekhin test domain" ENV LDAP_DOMAIN="bearns.me" ENV LDAP_ADMIN_PASSWORD="WlnTd9_mtw5-4" 
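Review bot: The new `phpldapadmin` service commits the directory admin password as a literal in `LDAP_PASSWORD`, enables `LDAP_ALLOW_GUEST: true`, and publishes `8080:8080` on every host interface, which together appear to give an unauthenticated network path to an LDAP UI that binds as `cn=admin`. Take the password from the environment or a compose secret (`LDAP_PASSWORD: ${LDAP_ADMIN_PASSWORD:?set in .env}`), set `LDAP_ALLOW_GUEST: false`, and bind the port to loopback (`"127.0.0.1:8080:8080"`). The value committed here is the same one visible as `LDAP_ADMIN_PASSWORD` in `ldap/Dockerfile`, so it should be rotated rather than only moved out of the file. The image is also referenced without a tag or digest, so each pull may bring a different build.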
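Review bot: `ADD ./*.ldif /seed/ldif/` copies every LDIF in the directory, which after this commit includes `example_user.ldif`, so each image build would seed the test account with its known password. List the schema LDIFs explicitly, or keep example entries in a directory that is only mounted for local testing. `COPY` is the usual instruction for plain local files; `ADD` brings archive and URL handling that is not needed here. The context line `ENV LDAP_ADMIN_PASSWORD=...` also leaves the admin password readable in the image metadata; supplying it at run time would avoid that.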
@@ -14,3 +14,5 @@ ENV LDAP_TLS=false ENV LDAP_READONLY_USER=true ENV LDAP_OPENLDAP_GID=911 ENV LDAP_OPENLDAP_UID=911 +ENV LDAP_SEED_INTERNAL_LDIF_PATH="/seed/ldif/" +ENV LDAP_SEED_INTERNAL_SCHEMA_PATH="/seed/schema/" diff --git a/ldap/example_user.ldif b/ldap/example_user.ldif new file mode 100644 index 0000000..b96c472 --- /dev/null +++ b/ldap/example_user.ldif @@ -0,0 +1,19 @@ +# LDIF Export for cn=uid001,dc=bearns,dc=me +# Server: LDAP Server (ldap://ldap:389) +# Total Entries: 1 +# +# Generated by PLA (http://localhost:8080) on July 20, 2025 8:27 pm +# Exported by Anonymous +# Version: v2.2.2-rel-ae0dc2e5 + +version: 1 +# Entry 1: cn=uid001,dc=bearns,dc=me +dn: cn=uid001,dc=bearns,dc=me +cn: uid001 +objectClass: person +objectClass: uidObject +objectClass: radiusProfile +radiusFramedIPAddress: 192.168.95.2 +sn: Test user +uid: user001 +userPassword: 12345678 \ No newline at end of file diff --git a/ldap/freeradius-clients.ldif b/ldap/freeradius-clients.ldif new file mode 100644 index 0000000..47bb56a --- /dev/null +++ b/ldap/freeradius-clients.ldif 
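Review bot: `userPassword: 12345678` stores a trivial password in clear text in a file that the Dockerfile's `*.ldif` wildcard copies into the seed directory. The export header says `Exported by Anonymous`, which suggests an unauthenticated phpLDAPadmin session was able to read `userPassword`; an ACL limiting that attribute to self, the admin and the RADIUS bind DN would be worth adding. If only PAP is needed the value can be stored hashed, e.g. `userPassword: {SSHA}<salted-hash-placeholder>`; CHAP and MS-CHAP need a recoverable password or NT hash on the RADIUS side, so that trade-off should be decided explicitly. At minimum mark the entry with a comment such as `# test account, do not seed outside a lab`.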
@@ -0,0 +1,13 @@
+dn: cn=freeradius-clients,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: freeradius-clients
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.1.1.1.1 NAME 'freeradiusClientIdentifier' DESC 'Client Identifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.1.1.1.2 NAME 'freeradiusClientShortname' DESC 'Client Shortname' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.1.1.1.3 NAME 'freeradiusClientType' DESC 'Client Type' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.1.1.1.4 NAME 'freeradiusClientComment' DESC 'Client comment' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.1.1.1.5 NAME 'freeradiusClientGroupDN' DESC 'Client group membership' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.1.1.1.6 NAME 'freeradiusClientIpV4Binding' DESC 'Client should only be able to access the server from this IPv4 address.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.1.1.1.7 NAME 'freeradiusClientIpV6Binding' DESC 'Client should only be able to access the server from this IPv6 address' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.1.1.1.8 NAME 'freeradiusClientRegion' DESC 'Client region' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcObjectClasses: ( 1.3.6.1.4.1.11344.4.1.1.2.1 NAME 'freeradiusClient' DESC 'freeradiusClient object class' SUP top STRUCTURAL MUST freeradiusClientIdentifier MAY ( freeradiusClientShortname $ freeradiusClientType $ freeradiusClientComment $ freeradiusClientGroupDN $ freeradiusClientIpV4Binding $ freeradiusClientIpV6Binding $ freeradiusClientRegion ) )
+olcObjectClasses: ( 1.3.6.1.4.1.11344.4.1.1.2.2 NAME 'freeradiusAccessDevice' DESC 'freeradiusAccessDevice object class' SUP top STRUCTURAL MUST freeradiusClientIdentifier MAY ( freeradiusClientShortname $ freeradiusClientType $ freeradiusClientComment ) )
diff --git a/ldap/freeradius-clients.schema b/ldap/freeradius-clients.schema
new file mode 100644
index 0000000..eae8841
--- /dev/null
+++ b/ldap/freeradius-clients.schema
@@ -0,0 +1,100 @@
+#
+# freeradiusClient is a structural object which provides the base object for all freeradius clients.
+# Only attributes which are common to all clients are provided by this object.
+#
+# freeradiusClient objects may be extended by AUX objects like radiusClient to add protocol specific
+# attributes like radiusSecret.
+#
+# 11344.4.1.1.[1|2]
+# | | | | |_ 1. Client attributes. .2 Client objects
+# | | | |_ Clients
+# | | |_ Internal
+# | |_ LDAP Attributes
+# |_ Vendor
+#
+attributetype ( 1.3.6.1.4.1.11344.4.1.1.1.1
+ NAME 'freeradiusClientIdentifier'
+ DESC 'Client Identifier'
+ EQUALITY caseIgnoreMatch
+ ORDERING caseIgnoreOrderingMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.1.1.1.2
+ NAME 'freeradiusClientShortname'
+ DESC 'Client Shortname'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.1.1.1.3
+ NAME 'freeradiusClientType'
+ DESC 'Client Type'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.1.1.1.4
+ NAME 'freeradiusClientComment'
+ DESC 'Client comment'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.1.1.1.5
+ NAME 'freeradiusClientGroupDN'
+ DESC 'Client group membership'
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.1.1.1.6
+ NAME 'freeradiusClientIpV4Binding'
+ DESC 'Client should only be able to access the server from this IPv4 address.'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.1.1.1.7
+ NAME 'freeradiusClientIpV6Binding'
+ DESC 'Client should only be able to access the server from this IPv6 address'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.1.1.1.8
+ NAME 'freeradiusClientRegion'
+ DESC 'Client region'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ )
+
+objectclass ( 1.3.6.1.4.1.11344.4.1.1.2.1
+ NAME 'freeradiusClient'
+ DESC 'freeradiusClient object class'
+ SUP top
+ STRUCTURAL
+ MUST ( freeradiusClientIdentifier )
+ MAY ( freeradiusClientShortname $ freeradiusClientType $ freeradiusClientComment $ freeradiusClientGroupDN $ freeradiusClientIpV4Binding $ freeradiusClientIpV6Binding $ freeradiusClientRegion )
+ )
+
+#
+# Similar to a freeradiusClient, but uses an alternative identifier, and represents a device which
+# doesn't communicate directly with the RADIUS server.
+#
+objectclass ( 1.3.6.1.4.1.11344.4.1.1.2.2
+ NAME 'freeradiusAccessDevice'
+ DESC 'freeradiusAccessDevice object class'
+ SUP top
+ STRUCTURAL
+ MUST ( freeradiusClientIdentifier )
+ MAY ( freeradiusClientShortname $ freeradiusClientType $ freeradiusClientComment )
+ )
diff --git a/ldap/freeradius-policy.ldif b/ldap/freeradius-policy.ldif
new file mode 100644
index 0000000..78e5745
--- /dev/null
+++ b/ldap/freeradius-policy.ldif
@@ -0,0 +1,4 @@
+dn: cn=freeradius-policy,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: freeradius-policy
+olcObjectClasses: ( 1.3.6.1.4.1.11344.4.1.2.2.1 NAME 'freeradiusPolicy' DESC 'A Container Objectclass containing one or more types of Profile' SUP top STRUCTURAL MUST cn )
diff --git a/ldap/freeradius-policy.schema b/ldap/freeradius-policy.schema
new file mode 100644
index 0000000..2a39f64
--- /dev/null
+++ b/ldap/freeradius-policy.schema
@@ -0,0 +1,15 @@
+#
+# 11344.4.1.2.[1|2]
+# | | | | |_ .1 Profile attributes, .2 profile objects
+# | | | |_ Profile
+# | | |_ Internal
+# | |_ LDAP Attributes
+# |_ Vendor
+#
+objectclass ( 1.3.6.1.4.1.11344.4.1.2.2.1
+ NAME 'freeradiusPolicy'
+ DESC 'A Container Objectclass containing one or more types of Profile'
+ SUP top
+ STRUCTURAL
+ MUST cn
+ )
diff --git a/ldap/freeradius-radacct.ldif b/ldap/freeradius-radacct.ldif
new file mode 100644
index 0000000..e997aa8
--- /dev/null
+++ b/ldap/freeradius-radacct.ldif
@@ -0,0 +1,22 @@
+dn: cn=freeradius-radacct,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: freeradius-radacct
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.66 NAME 'radiusAcctAuthentic' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.67 NAME 'radiusAcctInputOctets' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.68 NAME 'radiusAcctInterval' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.69 NAME 'radiusAcctOutputOctets' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.70 NAME 'radiusAcctSessionId' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.71 NAME 'radiusAcctSessionTime' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.72 NAME 'radiusAcctStartTime' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.73 NAME 'radiusAcctStopTime' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.74 NAME 'radiusAcctTerminateCause' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.75 NAME 'radiusAcctUniqueId' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.76 NAME 'radiusAcctUpdateTime' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.77 NAME 'radiusConnectInfoStart' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.78 NAME 'radiusConnectInfoStop' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.79 NAME 'radiusNASIdentifier' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.80 NAME 'radiusNASPort' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.81 NAME 'radiusNASPortId' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.82 NAME 'radiusNASPortType' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.2.3.1.83 NAME 'radiusUserName' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcObjectClasses: ( 1.3.6.1.4.1.11344.4.2.3.2.1 NAME 'radiusacct' SUP top AUXILIARY MAY ( radiusAcctAuthentic $ radiusAcctInputOctets $ radiusAcctInterval $ radiusAcctOutputOctets $ radiusAcctSessionId $ radiusAcctSessionTime $ radiusAcctStartTime $ radiusAcctStopTime $ radiusAcctTerminateCause $ radiusAcctUniqueId $ radiusAcctUpdateTime $ radiusConnectInfoStart $ radiusConnectInfoStop $ radiusNASIdentifier $ radiusNASPort $ radiusNASPortId $ radiusNASPortType $ radiusUserName ) )
diff --git a/ldap/freeradius-radacct.schema b/ldap/freeradius-radacct.schema
new file mode 100644
index 0000000..0e76c64
--- /dev/null
+++ b/ldap/freeradius-radacct.schema
@@ -0,0 +1,159 @@
+#
+# 11344.4.2.3.1
+# | | | | |_ Accounting attributes (.1) accounting objects
+# | | | |_ Accounting
+# | | |_ RADIUS
+# | |_ LDAP Attributes
+# |_ Vendor
+#
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.66
+ NAME 'radiusAcctAuthentic'
+ DESC ''
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.67
+ NAME 'radiusAcctInputOctets'
+ DESC ''
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.68
+ NAME 'radiusAcctInterval'
+ DESC ''
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.69
+ NAME 'radiusAcctOutputOctets'
+ DESC ''
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.70
+ NAME 'radiusAcctSessionId'
+ DESC ''
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.71
+ NAME 'radiusAcctSessionTime'
+ DESC ''
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.72
+ NAME 'radiusAcctStartTime'
+ DESC ''
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.73
+ NAME 'radiusAcctStopTime'
+ DESC ''
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.74
+ NAME 'radiusAcctTerminateCause'
+ DESC ''
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.75
+ NAME 'radiusAcctUniqueId'
+ DESC ''
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.76
+ NAME 'radiusAcctUpdateTime'
+ DESC ''
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.77
+ NAME 'radiusConnectInfoStart'
+ DESC ''
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.78
+ NAME 'radiusConnectInfoStop'
+ DESC ''
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.79
+ NAME 'radiusNASIdentifier'
+ DESC ''
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.80
+ NAME 'radiusNASPort'
+ DESC ''
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.81
+ NAME 'radiusNASPortId'
+ DESC ''
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.82
+ NAME 'radiusNASPortType'
+ DESC ''
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.2.3.1.83
+ NAME 'radiusUserName'
+ DESC ''
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ )
+
+objectclass ( 1.3.6.1.4.1.11344.4.2.3.2.1
+ NAME 'radiusacct'
+ SUP top
+ AUXILIARY
+ MAY ( radiusAcctAuthentic $ radiusAcctInputOctets $ radiusAcctInterval $ radiusAcctOutputOctets $ radiusAcctSessionId $ radiusAcctSessionTime $ radiusAcctStartTime $ radiusAcctStopTime $ radiusAcctTerminateCause $ radiusAcctUniqueId $ radiusAcctUpdateTime $ radiusConnectInfoStart $ radiusConnectInfoStop $ radiusNASIdentifier $ radiusNASPort $ radiusNASPortId $ radiusNASPortType $ radiusUserName )
+ )
+
diff --git a/radius/raddb/mods-available/ldap b/radius/raddb/mods-available/ldap
index b4fe9c6..dc3888b 100644
--- a/radius/raddb/mods-available/ldap
+++ b/radius/raddb/mods-available/ldap
@@ -139,6 +139,14 @@ ldap { control: += 'radiusControlAttribute' request: += 'radiusRequestAttribute' reply: += 'radiusReplyAttribute' + + # Set connection attributes from ldap + #reply:Reply-Message := 'radiusReplyMessage' + reply:Framed-IP-Address := 'radiusFramedIPAddress' + reply:Framed-IP-Netmask := 'radiusFramedIPNetmask' + reply:Framed-MTU := 'radiusFramedMTU' + NAS-Port-Id := 'radiusServiceType' #Network namespace + #reply:Accel-VRF-Name := 'radiusVRF' } # Set to yes if you have eDirectory and want to use the universal
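Review bot: `NAS-Port-Id := 'radiusServiceType'` is the only added mapping without a `reply:` prefix, so it presumably lands in the default (request) list and overwrites the NAS-supplied `NAS-Port-Id` instead of being returned to accel-ppp. It also reuses an LDAP attribute named for Service-Type to carry what the trailing comment calls a network namespace, which will mislead anyone who later maps `radiusServiceType` to its usual meaning. If the value is meant for the NAS, qualify it (`reply:NAS-Port-Id := 'radiusServiceType'`) and consider a dedicated LDAP attribute for it. The `:=` mappings for `Framed-IP-Address` and `Framed-IP-Netmask` let whoever can write those LDAP attributes choose a session's address, so write access to them should be restricted in the directory ACLs. The enclosing `update { }` block starts above this hunk.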