On Fri, 21 Feb 2003, Derrik Pates wrote:

> I've worked up a small patch that works with OpenLDAP features to
> support the use of LDAP URIs for referring to LDAP servers instead of
> specifying by host/port. This will work easily for ldap://, ldaps:// and
> ldapi:// (LDAP over IPC) URIs. I've plugged this in and tested the
> module (with CVS code from ~7 days ago), and it's working well.
>
> I'm checking out the Netscape/iPlanet LDAP C API documentation, but it
> doesn't appear to provide the ldap_initialize() call that the OpenLDAP
> libraries do.
>
> To use this module, just patch it in. No makefile changes are necessary.
> To use an LDAP URI, just add a line like:
>
> server_uri = ldap://localhost/
>
> or
>
> server_uri = ldapi:///
>
> to the ldap config section in your radiusd.conf. By default, its value
> will be NULL, so the server and port options will take effect instead.
> If you specify anything for server_uri, however, it will take
> precedence.
>
> Also, if you wish to use an ldapi:// URI, check to see that your slapd
> has been started with the -h "URI list" option. If one of the URIs
> specified points to a particular path for the LDAP socket file, specify
> it like this:
>
> ldapi://%2fvar%2frun%2fldapi/
>
> See the OpenLDAP docs for additional info.

Where's the patch? I've added support for the ldap_initialize function in
rlm_ldap. HAVE_LDAP_INITIALIZE will need to be defined so we need to add a
check for ldap_initialize in the rlm_ldap configure script for things to
work. I prefer just checking that the server directive is an ldap url
instead of adding one more directive.

In any case I really like the idea of ldap uris because of the ability to
use unix sockets. The only performance problem left with rlm_ldap is that
for user authentication we need to do an ldap connect/bind which means we
have to go through the tcp connection creation overhead. Using unix sockets
can overcome this and give us better performance.

>
> --
> Derrik Pates
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf
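
An added example, not code from rlm_ldap or from either poster: one way to check whether a `server` value is an LDAP URI, as the reply prefers, and to decode a percent-encoded ldapi:// socket path such as the one quoted above. The names `classify_server` and `ldapi_socket_path` are hypothetical; `ldapi:///` decodes to an empty path, leaving the socket choice to the library.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

enum server_kind { SERVER_HOST, SERVER_LDAP, SERVER_LDAPS, SERVER_LDAPI };
/* Classify a "server" value; *rest points just past the scheme, if any. */
enum server_kind classify_server(const char *s, const char **rest)
{
    static const struct { const char *pfx; enum server_kind kind; } tab[] = {
        { "ldap://", SERVER_LDAP }, { "ldaps://", SERVER_LDAPS },
        { "ldapi://", SERVER_LDAPI },
    };
    for (size_t i = 0; i < sizeof(tab) / sizeof(tab[0]); i++) {
        size_t n = strlen(tab[i].pfx);
        if (strncasecmp(s, tab[i].pfx, n) == 0) { *rest = s + n; return tab[i].kind; }
    }
    *rest = s;
    return SERVER_HOST;
}

/* Decode the %-encoded socket path of an ldapi:// URI; -1 on bad input. */
int ldapi_socket_path(const char *uri, char *out, size_t outlen)
{
    const char *p;
    size_t o = 0;
    if (outlen == 0 || classify_server(uri, &p) != SERVER_LDAPI) return -1;
    for (; *p && *p != '/'; p++) {
        unsigned int c = (unsigned char)*p;
        if (c == '%') {
            if (!isxdigit((unsigned char)p[1]) || !isxdigit((unsigned char)p[2]))
                return -1;              /* truncated or non-hex escape */
            sscanf(p + 1, "%2x", &c);
            if (c == 0) return -1;      /* %00 would truncate the path */
            p += 2;
        }
        if (o + 1 >= outlen) return -1; /* keep room for the terminator */
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return 0;
}

int main(void)
{
    char path[64]; /* constructed input: the URI form quoted in the mail */
    if (ldapi_socket_path("ldapi://%2fvar%2frun%2fldapi/", path, sizeof(path)) == 0)
        puts(path);
    return 0;
}
```

Rejecting `%00`, malformed escapes and over-long paths before the value reaches the connect call keeps a mistyped radiusd.conf entry from silently pointing at a different socket.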
