Creating Server-Side Attributes

It is necessary to define new server-side attributes when creating custom local configurations, such as defining groups via the passwd module (see man rlm_passwd). In other situations, local policies will need "placeholder" attributes. These attributes are used to contain data such as a "local policy name". Since there is no standard attribute defining a "local policy name", one has to be created. Since this data is never sent in a request or response packet, the attribute should be a server-side attribute.

When defining a new attribute, some general rules apply. The attribute name should be chosen to be globally unique, to avoid conflict with other attribute names. Using the name or acronym of your organization as the first word of the attribute name is usually a good idea, e.g. Company-Local-Group.

The attribute number should be between 3000 and 4000, to avoid conflict with other server-side attributes defined in newer releases of the server. This range has been allocated by the server for "site local" attribute definitions, and no release will ever define attributes in this range.

The attribute number should be assigned to one, and only one, name. Assigning two different names to the same number will cause a parse error, and the server will refuse to start.

The attribute type should be one of the well-known data types defined above. It is unfortunately impossible to define a new data type in a dictionary, as doing so will result in a parse error, and the server will refuse to start.

Other than as described above, the choice of attribute meaning is completely open. Once defined, these attributes may be used in the server wherever an attribute is valid. The only caveat is that they cannot be placed into a RADIUS packet.
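
The rules above can be checked before the server is restarted, since a dictionary mistake stops it from starting. The following is an added example, not part of the server or its documentation: lint_dictionary, KNOWN_TYPES, the "Company" prefix and the sample dictionary are hypothetical, and the type list is an assumed subset of the data types the text refers to.

```python
# Assumption: a subset of the server's data types; the full list is the one
# the documentation refers to as "defined above".
KNOWN_TYPES = {"string", "integer", "ipaddr", "date", "octets",
               "ifid", "ipv6addr", "ipv6prefix"}
# Site-local range from the text; 4000 itself is conservatively excluded.
SITE_LOCAL = range(3000, 4000)

# Constructed sample dictionary (not from a real deployment).
SAMPLE = """\
# site-local attributes
ATTRIBUTE  Company-Local-Group  3000  string
ATTRIBUTE  Company-Policy-Name  3001  string
ATTRIBUTE  Company-Other-Group  3000  string
ATTRIBUTE  Local-Flag           3002  integer
ATTRIBUTE  Company-Level        2999  integer
ATTRIBUTE  Company-Blob         3003  mytype
"""

def lint_dictionary(text, prefix):
    """Return (line_no, message) pairs for every rule violation found."""
    problems, owner = [], {}
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if not fields or fields[0] != "ATTRIBUTE":
            continue
        if len(fields) < 4:
            problems.append((line_no, "expected: ATTRIBUTE name number type"))
            continue
        name, number, dtype = fields[1:4]
        if not name.startswith(prefix + "-"):
            problems.append((line_no, f"{name}: missing '{prefix}-' prefix"))
        if not number.isdigit() or int(number) not in SITE_LOCAL:
            problems.append((line_no, f"{name}: {number} is outside the site-local range"))
        elif owner.setdefault(int(number), name) != name:
            problems.append((line_no, f"{name}: number {number} "
                                      f"already used by {owner[int(number)]}"))
        if dtype not in KNOWN_TYPES:
            problems.append((line_no, f"{name}: unknown data type {dtype}"))
    return problems

if __name__ == "__main__":
    for line_no, message in lint_dictionary(SAMPLE, "Company"):
        print(f"line {line_no}: {message}")
```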