Tariq Rashid <[EMAIL PROTECTED]> wrote:
> having had an initial look at freeradius and the ldap module - i am reaching
> the conclusion that the standard modules and freeradius are not suited to
> this task. for simple tasks such as always adding ldap attributes to reply
> packets then freeradius seems to be fine. there appears to be no easy way to
> encode any complex decision logic in the configuration files.
That is a limitation with the current LDAP module.
> the only sensible location for non-trivial decision logic is in a new module
> specific to our needs. but would this mean that we have to implement our own
> calls to ldap within this module, or could we use the existing ldap module
> to get the relevant attributes and then use these values on our own module?
You don't need any of that. The LDAP module supports dynamic
expansion of strings, so you can check the LDAP configuration from the
"users" file:
    DEFAULT User-Name == `%{ldap: ....}`
        ...
It's not perfect, but it's a start.
> even my initial look at the ldap module was confusing as the examples simply
> connect to the ldap server using the supplied username and password. this
> is not what i want, i want to connect using a standard single username and
> use the supplied User-Name to obtain various records...
So supply patches to the LDAP module which implement this logic.
Alan DeKok.