ansible/roles/freeradius/templates/mods-available/ldap.j2

{{ ansible_managed | comment }}

ldap {

    server = "ldap://10.128.0.10"

    # TODO: quand on passera en prod, créer un utilisation dédié
    identity = "cn=Directory manager"
    password = "MotDePasseSuperComplique"

    base_dn = "ou=users,dc=auro,dc=re"

    user_dn = "LDAP-UserDn"

    user {
        base_dn = "${..base_dn}"
        filter = "{{ '(uid=%{%{Stripped-User-Name}:-%{User-Name}})' }}"
    }

    group {
        base_dn = "${..base_dn}"
        filter = "(objectClass=posixGroup)"
        membership_attribute = "memberOf"
    }

    update {
        reply:Tunnel-Private-Group-ID := 'radiusTunnelPrivategroupId'
    }

    options {
        # TODO
        chase_referrals = no
        rebind = no
        res_timeout = 10
        srv_timelimit = 3
        net_timeout = 1
        idle = 60
        probes = 3
        interval = 3
        ldap_debug = 0x0028
    }

    pool {
        start = 0
        min = 1
        uses = 0
        retry_delay = 15
        lifetime = 0
        idle_timeout = 60
    }

}
freeradius: support for EAP-TTLS/PAP and EAP-PEAP/GTC 2022-09-01 17:35:22 +02:00			`{{ ansible_managed \| comment }}`

			`ldap {`

freeradius: add logging 2023-06-25 00:27:08 +02:00			`server = "ldap://10.128.0.10"`
freeradius: support for EAP-TTLS/PAP and EAP-PEAP/GTC 2022-09-01 17:35:22 +02:00
			`# TODO: quand on passera en prod, créer un utilisation dédié`
			`identity = "cn=Directory manager"`
			`password = "MotDePasseSuperComplique"`

			`base_dn = "ou=users,dc=auro,dc=re"`

			`user_dn = "LDAP-UserDn"`

			`user {`
			`base_dn = "${..base_dn}"`
			`filter = "{{ '(uid=%{%{Stripped-User-Name}:-%{User-Name}})' }}"`
			`}`

			`group {`
			`base_dn = "${..base_dn}"`
			`filter = "(objectClass=posixGroup)"`
			`membership_attribute = "memberOf"`
			`}`

freeradius: add vlan support 2023-07-02 16:45:32 +02:00			`update {`
			`reply:Tunnel-Private-Group-ID := 'radiusTunnelPrivategroupId'`
			`}`

freeradius: support for EAP-TTLS/PAP and EAP-PEAP/GTC 2022-09-01 17:35:22 +02:00			`options {`
freeradius: disable chase_referal + rebind 2022-09-01 22:28:11 +02:00			`# TODO`
			`chase_referrals = no`
			`rebind = no`
freeradius: support for EAP-TTLS/PAP and EAP-PEAP/GTC 2022-09-01 17:35:22 +02:00			`res_timeout = 10`
			`srv_timelimit = 3`
			`net_timeout = 1`
			`idle = 60`
			`probes = 3`
			`interval = 3`
			`ldap_debug = 0x0028`
			`}`

			`pool {`
freeradius: add logging 2023-06-25 00:27:08 +02:00			`start = 0`
			`min = 1`
freeradius: support for EAP-TTLS/PAP and EAP-PEAP/GTC 2022-09-01 17:35:22 +02:00			`uses = 0`
freeradius: add logging 2023-06-25 00:27:08 +02:00			`retry_delay = 15`
freeradius: support for EAP-TTLS/PAP and EAP-PEAP/GTC 2022-09-01 17:35:22 +02:00			`lifetime = 0`
			`idle_timeout = 60`
			`}`

			`}`