FreeRADIUS w/ Local OpenLDAP

Each FreeRADIUS server connects first over a Unix socket to a local instance of OpenLDAP configured as a syncrepl consumer of the appropriate OpenLDAP provider for its tier, and falls back to LDAPS to the provider if that socket connection fails. This allows FreeRADIUS to continue to authenticate and authorize users even if the local OpenLDAP instance is unavailable because of maintenance or a fatal error. FreeRADIUS performs a simple bind to the provider directory using the uid=freeradius,ou=Local,ou=NIS,o=vt user DN.

dn: uid=freeradius,ou=Local,ou=NIS,o=vt
description: An account for freeradius to use to search the dir
cn: FreeRADIUS
uid: freeradius
userPassword: {ssha}REDACTREDACTREDACTREDACTREDACTREDACT1234
objectClass: radiusObjectProfile
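
The connection order described above could be expressed in a FreeRADIUS 3.x rlm_ldap module configuration along the following lines. This is an added example, not this site's actual configuration file. The socket path, provider hostname, base DN, CA file path and password are placeholders or assumptions, and it assumes the same bind DN is accepted by both the local consumer and the provider.

```conf
# mods-available/ldap (FreeRADIUS 3.x rlm_ldap) -- illustrative fragment only
ldap {
	# Servers are tried in the order listed.
	# 1. Local syncrepl consumer over a Unix socket.
	#    The socket path is an assumption; the slashes are URL-encoded.
	server = 'ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi'

	# 2. The tier's provider over LDAPS, used if the socket connection fails.
	#    The hostname is a placeholder.
	server = 'ldaps://ldap-provider.example.org'

	# Simple bind with the service account shown in the entry above.
	identity = 'uid=freeradius,ou=Local,ou=NIS,o=vt'
	# Placeholder; keep the real secret out of world-readable files.
	password = 'REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD'

	# Assumed search base, taken from the suffix of the bind DN.
	base_dn = 'o=vt'

	tls {
		# Only relevant to the LDAPS fallback. Verify the provider's
		# certificate against a pinned CA (path is a placeholder) and
		# refuse the connection if verification fails.
		ca_file = /etc/ssl/certs/ldap-provider-ca.pem
		require_cert = 'demand'
	}
}
```

Because the fallback path carries the service account password off-host, `require_cert = 'demand'` matters there: without certificate verification, the simple bind could be sent to an impostor provider.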