LDAP

RADIUS can use LDAP Version 3 to store remote user data.

RADIUS uses LDAP Version 3 API calls to access user data remotely. LDAP Version 3 access occurs only if the database_location field in the /etc/radiusd.conf file is set to LDAP and the LDAP server name, the LDAP administrator user ID, and the LDAP administrator password are all configured.

AIX uses the LDAP Version 3 client libraries that are supported and packaged in the IBM® Tivoli® Directory Server. LDAP is a scalable protocol, and its benefit here is that user data and in-process data can be kept in one central location, easing administration of the RADIUS server. You can use the command line utility ldapsearch to view any of the RADIUS data.

Also, LDAP must be configured and administered before it can be used for RADIUS.

The RADIUS server provides LDAP ldif files to add the RADIUS schema, including object classes and attributes, to a directory, but you must set up and configure LDAP.

A separate suffix is created specifically to hold the RADIUS LDAP objects. This suffix is a container named cn=aixradius, and it contains two object classes, as described in RADIUS LDAP server configuration. You apply a RADIUS-supplied ldif file that creates the suffix and the RADIUS schema.
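The page states that LDAP access is only attempted when database_location is LDAP and the server name, administrator user ID and administrator password are all present in /etc/radiusd.conf. The following added example (not part of the AIX documentation or the RADIUS server) is a small pre-flight check an administrator could run before starting radiusd: it parses a constructed radiusd.conf fragment, confirms that the LDAP fields are complete, and, because that file then carries the LDAP administrator password, flags a configuration file that is readable by group or others. The key names ldap_server, ldap_admin and ldap_admin_pw, and the "key : value" line format, are assumptions for illustration and may not match the real file.

```python
import os
import re
import stat
import tempfile

# Constructed sample of /etc/radiusd.conf. Only "database_location" is a
# field named by the documentation; the ldap_* key names are assumed.
SAMPLE_CONF = """\
# radiusd.conf (constructed sample, not the real AIX file)
radius_directory   : /etc/radius
database_location  : LDAP
ldap_server        : ldap.example.com
ldap_admin         : cn=admin,cn=aixradius
ldap_admin_pw      : REPLACE_ME
local_accounting   : ON
debug_level        : 3
"""

# Fields that must be non-empty before LDAP Version 3 access can occur
# (assumed key names, see lead-in).
REQUIRED_LDAP_FIELDS = ("ldap_server", "ldap_admin", "ldap_admin_pw")

_LINE = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*[:=]\s*(.*?)\s*$")


def parse_conf(text):
    """Parse 'key : value' or 'key = value' lines into a dict.

    Blank lines and '#' comments are ignored; keys are lower-cased so the
    checks below are case-insensitive.
    """
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]
        match = _LINE.match(line)
        if match:
            conf[match.group(1).lower()] = match.group(2)
    return conf


def check_ldap_config(conf):
    """Return a list of findings; an empty list means LDAP access can proceed."""
    findings = []
    location = conf.get("database_location", "").strip().upper()
    if location != "LDAP":
        findings.append(
            "database_location is %r, not LDAP; the LDAP database will not be used"
            % conf.get("database_location", "")
        )
        return findings
    for key in REQUIRED_LDAP_FIELDS:
        if not conf.get(key, "").strip():
            findings.append("%s is missing or empty; LDAP access cannot occur" % key)
    return findings


def check_conf_permissions(path):
    """Flag a configuration file readable by group or others.

    With database_location set to LDAP the file holds the LDAP administrator
    password, so anything wider than owner-only read is a finding.
    """
    mode = os.stat(path).st_mode
    findings = []
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(
            "%s is readable by group/others (mode %o); it contains the LDAP "
            "administrator password" % (path, stat.S_IMODE(mode))
        )
    return findings


def write_temp_conf(text, mode):
    """Write the sample to a temporary file with the given mode (for demos/tests)."""
    fd, path = tempfile.mkstemp(prefix="radiusd-", suffix=".conf")
    with os.fdopen(fd, "w") as handle:
        handle.write(text)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    for finding in check_ldap_config(conf):
        print("CONFIG:", finding)
    path = write_temp_conf(SAMPLE_CONF, 0o644)
    for finding in check_conf_permissions(path):
        print("PERMS:", finding)
    os.unlink(path)
```

Run as a script, the sample passes the field check but produces one permissions finding because the temporary copy is created mode 0644; tightening the real file to owner-only read (0600) removes it. The ldapsearch utility mentioned above can then be pointed at the cn=aixradius suffix to confirm that the RADIUS schema and user entries are visible to the configured administrator DN.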

When you use LDAP as the authentication database you get the following features:

  1. A user database that can be seen and accessed from all RADIUS servers
  2. A list of active users
  3. The feature of allowing a maximum number of logins per user ID
  4. An EAP type that can be configured per user
  5. A password expiration date

To use the LDAP database, select LDAP in the Database Location field as shown below:

   Configure Server

RADIUS Directory             /etc/radius
*Database Location           [LDAP]
Local AVL Database File Name [dbdata.bin]
Local Accounting             [ON]

Debug Level                  [3]
.
.
.