3.9. LDAP configuration Previous topic Parent topic Child topic Next topic

Radiator's LDAP support requires Perl Net::LDAP module version 0.32 or later. Operating system vendors and Windows Perl distributions typically include Net::LDAP. If it is not present in your Perl distribution, see Section 2.1.2 for how to obtain and install it. Net::LDAP works with Microsoft Active Directory, Novell/NetIQ eDirectory, OpenLDAP, and other LDAP servers.
When an LDAP clause needs to fetch information from the LDAP server, it connects to the LDAP server specified by Host. Optionally, you can authenticate Radiator as a valid user of the LDAP server by specifying AuthDN and AuthPassword. This is not the same thing as authenticating a user. It happens before querying the LDAP server, and proves that this radiusd is allowed to talk to the LDAP database.
At present, LDAP clauses do synchronous connections and searches. This can mean significant delays if your LDAP server is reached by a slow network connection, or your LDAP server is slow. If this is the case, consider putting the LDAP server in a sub-server and having your main Radiator forward requests for that realm to the RADIUS sub-server.
The following configuration clauses utilise LDAP:

SASL Authentication of the LDAP connection

LDAP clauses support SASL authentication of the connection to the LDAP server. If SASL authentication is specified, the LDAP server uses SASL to authenticate the SASL user credentials specified by SASLUser and SASLPassword. You must configure your LDAP server to enable SASL authentication, and to map SASL user names to LDAP server administrator names. For example, when using OpenLDAP see their SASL configuration guide for the details.