Sun Directory Services 3.1 Administration Guide

RADIUS Entries in the Directory

In the directory, there are two types of RADIUS entries, represented by two object classes: nas and remoteUser.

The nas object class inherits from the device object class. The mandatory attributes of the nas object class are iphostNumber and sharedKey. Refer to "Attribute Reference" for a description of these attributes.

The optional attributes of the nas object class are dictionaryFile and acctattrFile. The use of these attributes is described in detail in "Specifying a Dictionary File" and "Configuring Dynamic Accounting".

The remoteUser object class is an auxiliary object class that can be used with any structural object class, for example the person or organizational person object class. The remoteUser object class contains just two mandatory attributes, uid and groupCheckInfo. The uid is always passed in the connection request transmitted by the NAS to the RADIUS server. It is the key attribute used in the search filter applied by the RADIUS server to look for the remote user's entry in the directory. The groupCheckInfo attribute lists the attributes (except uid) that the RADIUS server must check before granting access to a user.

The optional attributes of the remoteUser object class are the LDAP translation of the RADIUS attributes. They define all the possible connection parameters that can be passed in a connection request transmitted by the NAS to the RADIUS server. The RADIUS server will check these parameters against the values of the attributes stored in the directory entry for the remote user, provided they are listed in the groupCheckInfo attribute.

For the full list of optional attributes of the remoteUser object class and their description, refer to "Object Class Reference" and "Attribute Reference".
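The following added example, which is not part of the original guide or of Sun Directory Services, models the lookup and check described above: the entry is found by uid, and only the attributes listed in groupCheckInfo are compared with the request. The attribute names exampleCallerId and examplePortType, the sample entries, the one-name-per-value format of groupCheckInfo, and the rejection of a request that omits a listed attribute are all assumptions made for illustration.

```python
# Added illustration: a simplified in-memory model, not Sun Directory Services code.
MANDATORY = {"nas": {"iphostNumber", "sharedKey"},
             "remoteUser": {"uid", "groupCheckInfo"}}

# Constructed sample entries. exampleCallerId and examplePortType are
# hypothetical stand-ins for the optional remoteUser attributes.
ENTRIES = [
    {"objectClass": ["device", "nas"], "cn": ["nas1"],
     "iphostNumber": ["192.0.2.10"], "sharedKey": ["constructed-secret"]},
    {"objectClass": ["person", "remoteUser"], "cn": ["Alice Example"],
     "uid": ["alice"], "groupCheckInfo": ["exampleCallerId"],
     "exampleCallerId": ["5550100"], "examplePortType": ["async"]},
]

def missing_mandatory(entry):
    """Return the mandatory attributes absent from an entry, per object class."""
    missing = set()
    for oc in entry.get("objectClass", []):
        missing |= MANDATORY.get(oc, set()) - set(entry)
    return sorted(missing)

def find_remote_user(entries, uid):
    """Model of the search: uid is the key attribute in the filter."""
    for e in entries:
        if "remoteUser" in e.get("objectClass", []) and uid in e.get("uid", []):
            return e
    return None

def check_request(entries, request):
    """Return (granted, reason) for a connection request given as a dict.

    Assumption: each groupCheckInfo value names one attribute, and a request
    that omits a listed attribute is rejected.
    """
    entry = find_remote_user(entries, request.get("uid"))
    if entry is None:
        return False, "no remoteUser entry for uid"
    if missing_mandatory(entry):
        return False, "entry lacks mandatory attributes"
    for attr in entry["groupCheckInfo"]:
        if attr == "uid":
            continue  # uid is already matched by the search filter
        if request.get(attr) not in entry.get(attr, []):
            return False, "mismatch on " + attr
    return True, "all attributes listed in groupCheckInfo matched"
```

In this model a value stored in the entry but not named in groupCheckInfo places no restriction on the connection, so reviewing groupCheckInfo shows which parameters are actually enforced for a user.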