>> even my initial look at the ldap module was confusing as the exmaples
simpy
>> connect to the ldap server using the supplied usernamer and password.
this
>> is not what i want, i want to connect using a standard signle username
and
>> use the supplied User-Name to obtain various records...
>This is wrong, the ldap module will connect with the supplied
username/password
>for user authentication. Use authorization (ldap attributes extraction) is
>performed by connecting to the ldap server with the username/password
specified
>in the module configuration
there is a difference - the Steel-Belted Radius server documentation
explains it well and allow syou to make the choice:
(1) you connect to the ldap server using the supplied
username/password
if the connection succeeds, the password is valid
(2) you bind using a standard username/password unrelated to any
users/clients
you then search for records using the User-Name fields and match
a
password field
- from this user record - you can read and act upon other
attributes
such as (filtered? unmetered? tunnel attributes (not all users
are human))
it is the second which i am currently doign with radiator but would like to
use freeradius. with radiator, the "environment" consisting of the request,
reply, check and ldap attributes are passed to user defined hooks, which can
then use them to delete, modify or add pairs, or do ldap/sql lookups.
i'd like to use freeradius for 3 major reasons:
* multi-threaded - can be taken advantage of given better OSes (eg
linux 2.6, NPTL)
* modules are like objects of classes - and so there is an
opportunity to
have multiple instances and also to do constructir/destructior
type work
eg hold open connections (radiator can't, you have to open/close
for every request
as far as i can tell)
* its smaller, lighter and faster than doing it in Perl!
tariq
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html