ca_path:: Directory containing trusted CAs, used to sign CRLs
+
+trigger_rate_limit::
+
+If triggers are enabled (either here or in trigger.conf),
+should the trigger messages be rate limited.
+
+
+trigger:: Xlats to run when specific CRL events happen
+
+When configured here, they are specific to this module instance.
+Alternatively global settings for all instances of the `crl`
+module can be set in `triggers.conf` under the `modules` -> `crl`
+section.
+
+For triggers to be enabled, a top level `trigger` section must
+exist. Enable the line `$INCLUDE trigger.conf` in `radiusd.conf`
+and if none of the triggers in there are required, comment them
+out, leaving just the outer section.
+
+Triggers can either be calls to execute programs or xlat expansions.
+The examples below show the use of the `linelog` xlat.
+
+In the "fetch..." triggers, the attributes from the request list
+where the `crl` module is called are available.
+The "expired" trigger only has `CRL.CDP-URL` available.
+
+
+fetchuri:: A CRL URI is being requested
+
+
+
+fetchfail:: Fetching a CRL URI failed
+
+
+
+fetchbad:: Fetching a CRL URI returned bad data
+
+
+
+expired:: A CRL has expired
+
+
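Review bot: The trigger configuration file is named two ways in this text: `triggers.conf` in "can be set in `triggers.conf` under the `modules` -> `crl` section", but `trigger.conf` in the `trigger_rate_limit::` description and in the `$INCLUDE trigger.conf` instruction. Use the one name that matches the shipped file, so the `$INCLUDE` line a reader is told to enable can actually be found. Separately, `trigger_rate_limit::` has no summary after the `::` (unlike `ca_path::` and `trigger::`), its body reads as a question, and it states no default. The `fetchuri::` through `expired::` entries would also be more useful if each listed the attributes it exposes.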
== Default Configuration
```
ca_file = ${cadir}/rsa/ca.pem
# ca_path = ${modules.eap.tls-config[tls-common].ca_path}
ca_path = ${cadir}
+# trigger_rate_limit = yes
+# trigger {
+# fetchuri = %linelog("Fetching CRL from %{CRL.CDP-URL}")
+# fetchfail = %linelog("Failed fetching %{CRL.CDP-URL}: %{Module-Failure-Message}")
+# fetchbad = %linelog("Data returned from %{CRL.CDP-URL} was not valid")
+# expired = %linelog("CRL from %{CRL.CDP-URL} has expired")
+# }
}
```
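Review bot: The commented `fetchfail` example expands `%{Module-Failure-Message}`, but the documentation added for this module only says that request-list attributes are available in the "fetch..." triggers and that "expired" has `CRL.CDP-URL`. State in the docs or in a comment here that the failure message is populated when `fetchfail` runs, so a reader knows the example will log a reason. It would also help to say next to `# trigger_rate_limit = yes` whether `yes` is the built-in default or an override, since the line ships commented out.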
### Module triggers
-Triggers for specific modules. These are *not* in the module
-configuration because they are global to all instances of the
-module. You can have module-specific triggers, by placing a
-"trigger" subsection in the module configuration.
+Triggers for specific modules. These are *not* in the
+module configuration because they are global to all
+instances of the module. You can have module-specific
+triggers, by placing a `trigger` subsection in the module
+configuration. Not all modules support a `trigger`
+subsection.
#### rlm_ldap: The LDAP module
-If the server does "bind as user", it will open and
-close an LDAP connection every time it binds as a
-user. Be aware that this will likely produce a lot
-of triggers.
-
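Review bot: The paragraph removed under `#### rlm_ldap` was the only warning that "bind as user" opens and closes an LDAP connection on every bind and so produces a lot of triggers, while the `ldap` section still defines `open` and `close`. If that behaviour no longer applies, say so in the commit message; if it still does, keep the warning. In the rewritten paragraph above it, "Not all modules support a `trigger` subsection" gives the reader no way to tell which modules do; name them or point to where each module documents it.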
Define common arguments to use below:
snmptrap = "${snmp.trap.cmd} -c ${snmp.trap.community} ${snmp.trap.agent} FREERADIUS-NOTIFICATION-MIB"
trigger {
server {
- start = "${snmptrap}::serverStart"
- stop = "${snmptrap}::serverStop"
- max_requests = "${snmptrap}::serverMaxRequests"
+ start = `${snmptrap}::serverStart`
+ stop = `${snmptrap}::serverStop`
+ max_requests = `${snmptrap}::serverMaxRequests`
}
modules {
ldap {
args = "radiusdModuleName s '${.:name}' radiusdModuleInstance s '${.:instance}'"
- open = "${snmptrap}::serverModuleConnectionUp ${args}"
- close = "${snmptrap}::serverModuleConnectionDown ${args}"
- min = "${snmptrap}::serverModuleConnectionReservedPeriodMin ${args}"
- max = "${snmptrap}::serverModuleConnectionReservedPeriodMax ${args}"
+ open = `${snmptrap}::serverModuleConnectionUp ${args}`
+ close = `${snmptrap}::serverModuleConnectionDown ${args}`
+ min = `${snmptrap}::serverModuleConnectionReservedPeriodMin ${args}`
+ max = `${snmptrap}::serverModuleConnectionReservedPeriodMax ${args}`
}
sql {
args = "radiusdModuleName s '${.:name}' radiusdModuleInstance s '${.:instance}'"
- open = "${snmptrap}::serverModuleConnectionUp ${args}"
- close = "${snmptrap}::serverModuleConnectionDown ${args}"
- fail = "${snmptrap}::serverModuleConnectionFail ${args}"
- min = "${snmptrap}::serverModuleConnectionReservedPeriodMin ${args}"
- max = "${snmptrap}::serverModuleConnectionReservedPeriodMax ${args}"
+ open = `${snmptrap}::serverModuleConnectionUp ${args}`
+ close = `${snmptrap}::serverModuleConnectionDown ${args}`
+ fail = `${snmptrap}::serverModuleConnectionFail ${args}`
+ min = `${snmptrap}::serverModuleConnectionReservedPeriodMin ${args}`
+ max = `${snmptrap}::serverModuleConnectionReservedPeriodMax ${args}`
}
}
}
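Review bot: Every trigger value in `server`, `ldap` and `sql` changes from a double-quoted string to a back-quoted one, but nothing in the visible comments tells an administrator that the quoting style now matters or how to migrate an existing double-quoted `trigger` section. Add a sentence to the trigger documentation saying which quoting selects program execution and which selects an xlat expansion. Also confirm that `snmptrap` and `args`, which stay double-quoted and carry embedded single quotes such as `'${.:name}'`, still expand and split into arguments as intended once spliced into the back-quoted command.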