3.53. <AuthBy LDAPRADIUS>

This clause proxies requests to one or more target RADIUS servers. The target host is determined by a lookup in an LDAP database. This allows the easy management of large numbers of downstream RADIUS servers, such as in a wholesale ISP. It inherits from both LDAP and <AuthBy RADIUS>.
<AuthBy LDAPRADIUS> runs the SearchFilter query to determine the details of the target RADIUS server until either an acknowledgment is received from the target or Num-Hosts is exceeded. This permits fallback RADIUS servers to be configured.
SearchFilter can be configured to select the target RADIUS server based on any attribute in the incoming request. The default is the user's Realm, but other possibilities, such as Called-Station-Id, may be more useful for your organisation.
There is a sample LDAP schema for OpenLDAP in /goodies/radiator-ldap.schema in your Radiator distribution. This schema is compatible with the default behaviour of SearchFilter and HostAttrDef, allowing the selection of a target host primarily based on Realm.
If SearchFilter fails to find any matching LDAP records, <AuthBy LDAPRADIUS> attempts to proxy according to any <Host xxxxxx> clauses contained within the <AuthBy LDAPRADIUS> clause. For more information, see Section 3.37. <Host xxxxxx> within <AuthBy RADIUS>. This permits unknown realms to be proxied to a catchall target server, such as GoRemote (GRIC), IPASS, etc.
<AuthBy LDAPRADIUS> also understands the same parameters as <AuthBy LDAP2>. For more information, see Section 3.43. <AuthBy LDAP2>.
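The lookup and fallback behaviour described above can be modelled in a few lines. This is an added illustration, not Radiator code or part of the original documentation: it shows a realm-based filter selecting targets, the limit on how many targets are tried, and the fall-through to catchall hosts when the directory has no matching record. Assumptions: the directory contents, the `targetRealm` attribute name, all host names and the function names are constructed; the repeated per-host query is collapsed into one ordered result list; the realm is escaped per RFC 4515 before it is placed in the filter; and a request that no tried target acknowledges simply gets no reply.

```python
import re

# Constructed directory: (realm, ordered target hosts). Not a real schema.
DIRECTORY = [
    ("isp-a.example", ["radius1.isp-a.example", "radius2.isp-a.example"]),
    ("isp-b.example", ["radius1.isp-b.example"]),
]
CATCHALL = ["roaming-hub.example"]  # stands in for the <Host xxxxxx> clauses


def ldap_escape(value):
    """Escape a request-derived value for an LDAP filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def toy_search(filter_str):
    """Minimal evaluator for '(targetRealm=VALUE)'; a bare '*' is a wildcard."""
    value = re.fullmatch(r"\(targetRealm=(.*)\)", filter_str, re.S).group(1)
    tokens = re.findall(r"\\[0-9a-f]{2}|.", value, re.S)
    regex = "".join(
        ".*" if t == "*" else re.escape(chr(int(t[1:], 16)) if len(t) == 3 else t)
        for t in tokens
    )
    return [h for realm, hosts in DIRECTORY if re.fullmatch(regex, realm) for h in hosts]


def proxy(realm, responsive, num_hosts=2):
    """Return (host, source) for the server that acknowledges, else (None, source)."""
    targets = toy_search("(targetRealm=%s)" % ldap_escape(realm))
    if not targets:
        # No matching LDAP records: fall back to the catchall hosts.
        candidates, source = CATCHALL, "catchall"
    else:
        # Try at most num_hosts directory targets, in order.
        candidates, source = targets[:num_hosts], "ldap"
    for host in candidates:
        if host in responsive:
            return host, source
    return None, source  # assumption: nothing acknowledged, so no reply
```

Because the catchall path forwards requests for any realm the directory does not know, the model makes it easy to see which requests would leave for the catchall server rather than a managed downstream target.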