199.198.197.196

196.197.198.199

If the [LDAPAddresses] section is omitted or empty, RSA RADIUS Server listens for LCI requests on all bound IP interfaces.

3. Specify the same port number using the -p option on the LDAP command line. For example:

ldapsearch -V 2 -p 354 -D "cn=admin,o=radius" -w radius -s sub -T -b "radiusclass=Client,o=radius" radiusname=*
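A configuration check for the [LDAPAddresses] behavior described above, as an added example that is not part of the original guide: it reads the text of the file holding that section and reports whether the LCI is restricted to listed addresses or falls back to all bound IP interfaces. The sample text, the function names, the [OtherSection] placeholder and the treatment of ';' as a comment character are assumptions.

```python
import ipaddress

# Constructed sample configuration text (not taken from a real server).
SAMPLE_RESTRICTED = """\
[OtherSection]
Key = value

[LDAPAddresses]
; management interfaces only
199.198.197.196
196.197.198.199
"""

SAMPLE_EMPTY = """\
[LDAPAddresses]
; 199.198.197.196

[OtherSection]
Key = value
"""


def lci_listen_addresses(config_text, section="LDAPAddresses"):
    """Return (valid_addresses, invalid_lines) found in the given section."""
    addresses, invalid, in_section = [], [], False
    for raw in config_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # assumption: ';' starts a comment
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == section.lower()
            continue
        if in_section:
            try:
                addresses.append(str(ipaddress.ip_address(line)))
            except ValueError:
                invalid.append(line)  # typo or unsupported entry
    return addresses, invalid


def lci_exposure(config_text):
    """Classify the LCI listener scope implied by the configuration text."""
    addresses, invalid = lci_listen_addresses(config_text)
    if invalid:
        return "review"          # entries that are not IP addresses
    if not addresses:
        return "all-interfaces"  # section omitted or empty
    return "restricted"
```

A result of "all-interfaces" means the section is omitted or empty, so the LCI port is reachable on every bound interface of the host.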

LDAP Virtual Schema

The LDAP server uses the virtual schema (illustrated in Figures 26 through 29) to format configuration data so that this data can be understood by the RSA RADIUS Server database.

NOTE: radiusstatus items can be read, but they cannot be modified.

radiusclass=securid-user
    radiusname=MYPROFILE (1...n)
        Available Attributes: Login-Limit <number>, Profile <string>
        Available Child Objects: radiuslist=reply, radiuslist=check

radiusclass=profile
    radiusname=MYPROFILE (1...n)

radiusclass=client
    radiusname=MYRASCLIENT (1...n)
        Available Attributes: Shared-Secret <string>, Acct-Shared-Secret <string>, IP-Address nnn.nnn.nnn.nnn, Product <string>, Inactivity-Timeout <seconds>

radiusclass=server
    Available Attributes: Server-Password <string>, Server-Password-Enabled 01, Default-Reject-Msg <string>, Unknown-User-Msg <string>, Lists-Mismatch-Msg <string>, Invalid-Lists-Msg <string>, Auth-Methods <meth1>; <meth2>; ..., Log-Max-Days <number>

radiusclass=rsa_cached_passwords (read-only)
    Available Attribute: cached-password

Available Reply Attributes: All reply list attributes from dictionaries
Available Check Attributes: All check list attributes from dictionaries

Figure 26 LDAP Schema (Slide 1 of 4)

RSA RADIUS Server 6.1 Administrator’s Guide Using the LDAP Configuration Interface
