i've previously used radiator as it is simple to modify the check and reply
items, especially when the check and reply items depend on some quite
convoluted logic (the flowchart is not simple).
having had an initial look at freeradius and the ldap module - i am reaching
the conclusion that the standard modules and freeradius are not suited to
this task. for simple tasks such as always adding ldap attributes to reply
packets then freeradius seems to be fine. there appears to be no easy way to
encode any complex decision logic in the configuration files.
(for example, is domain is xxx and dialled number is one of a, b, c or d,
then get ldap attributes and add to reply. another example could be if ldap
attribute exists, then proceed with logic block)...
the only sensible location for non-trivial decision logic is in a new module
specific to our needs. but would this mean that we have to implement our own
calls to ldap within this module, or could we use the existing ldap module
to get the relevent attributes and then use these values on our own module?
that is ...
{
call standard ldap module;
...
call our module (which uses values retrieved)
...
}
even my initial look at the ldap module was confusing as the exmaples simpy
connect to the ldap server using the supplied usernamer and password. this
is not what i want, i want to connect using a standard signle username and
use the supplied User-Name to obtain various records...
thoughts, comments appreciated
tariq
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
