
LDAP RADIUS Translation

Warning

Mideye Server 4 is no longer updated, and new installations are not supported. Only existing Mideye Server 4 installations and upgrades to the latest release are supported. Please use Mideye Server 6 for new installations and continued support.

LDAP Server configuration

If LDAP-RADIUS Translation is checked, Mideye Server will translate LDAP attributes to RADIUS attributes. Refer to the section LDAP-RADIUS Translation for detailed instructions.

When all the tabs have been configured, save the configuration and click “Close” to restart the services.

To further extend the functionality of RADIUS, LDAP-RADIUS Translation can be used to assign permissions to specific users or groups from LDAP when they log in through a VPN concentrator.

On Mideye Server, open the Configuration tool, navigate to LDAP Servers and modify the selected LDAP Server. In the tab “LDAP-RADIUS”, enable “LDAP-RADIUS Translation” and enter the name of the LDAP attribute that contains group membership information. For Active Directory, the attribute name is memberOf.

Enable LDAP RADIUS Translation

Create LDAP-RADIUS Translation rules

In Configuration, navigate to the “LDAP-RADIUS Translation” tab. Press “New” and define a new rule corresponding to a specific group name attribute in the LDAP repository (see screenshot below). In the field “LDAP Attribute Value”, enter the full Distinguished Name of the group. Note that it is important that the exact group name is specified – the translation is both case and blank-space sensitive.

To make sure the correct DN is entered, open the attribute editor of the group in ADUC (Active Directory Users and Computers), copy the value and paste it into the “LDAP Attribute Value” field in Mideye Server.

Starting from Mideye Server release 4.2.3, LDAP-RADIUS translation can also be used with wildcards/Java regular expressions, e.g. CN=Mideye-administrators.*
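A wildcard rule can match more groups than intended, so it is worth testing a pattern against the directory's group DNs before saving it. The following is an added example, not Mideye's own code: the class name and the sample DNs are constructed, and it assumes the rule must match the whole attribute value (Java `Matcher.matches()`), which this page does not confirm.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

public class TranslationRuleCheck {
    // Constructed sample memberOf values; replace with DNs exported from your directory.
    static final List<String> GROUP_DNS = List.of(
        "CN=Mideye-administrators,OU=Groups,DC=example,DC=com",
        "CN=Mideye-administrators-readonly,OU=Groups,DC=example,DC=com",
        "CN=mideye-administrators,OU=Test,DC=example,DC=com",
        "CN=VPN-users,OU=Groups,DC=example,DC=com");

    // Assumption: a rule applies only if it matches the entire attribute value.
    static List<String> matching(String rule, List<String> dns) {
        Pattern p = Pattern.compile(rule); // case-sensitive by default
        List<String> hits = new ArrayList<>();
        for (String dn : dns) {
            if (p.matcher(dn).matches()) {
                hits.add(dn);
            }
        }
        return hits;
    }

    static void report(String label, String rule) {
        System.out.println(label + ": " + rule);
        for (String dn : matching(rule, GROUP_DNS)) {
            System.out.println("  matches " + dn);
        }
    }

    public static void main(String[] args) {
        // Wildcard from the page: also matches the -readonly group.
        report("wildcard", "CN=Mideye-administrators.*");
        // Tighter: the group name must end at the comma that closes the CN.
        report("anchored CN", "CN=Mideye-administrators,.*");
        // Literal DN: Pattern.quote neutralises regex metacharacters in the DN.
        report("literal", Pattern.quote(GROUP_DNS.get(0)));
    }
}
```

With the sample data, the first rule matches two groups and the other two match only the intended one; the lowercase `CN=mideye-administrators` entry matches none of them because matching is case-sensitive.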

DN of the group

In the attribute list, select the desired attribute, add a suitable string for the group and click “OK”. To find out which attribute should be used and how to configure it, consult the manufacturer of the VPN concentrator.

Adding a string to a class-attribute.

A complete guide for RADIUS Translation for Cisco ASA can be found here.

To save the configuration click “OK” followed by “Close” to restart the services.