AW: Behavior for rlm_ldap module

Fri, 19 Mar 2004 02:53:56 -0800 

Hi,

i would also appreciate a solution for this "LDAP-ISSUE" (very much!)

does any know if a solution is in sight? And - more importand - when??

Is anyony working on the extension of "configurable failover"??

Arne
________________________________ 
Dataport 
Altenholzer Str 10 - 14, 24161 Altenholz 
Internet:www.dataport.de 
E-Mail: [EMAIL PROTECTED] 
Telefon: 0431 - 32 95 6840 
Telefax: 0431 - 32 95 410 

> Message: 6
> Date: Fri, 12 Mar 2004 16:17:14 +0200 (EET)
> From: Kostas Kalevras <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: Behavior for rlm_ldap module
> Reply-To: [EMAIL PROTECTED]
> 
> On Fri, 12 Mar 2004, Pierluigi Frullani wrote:
> 
> > Hi all.
> >  Reading through the C code of rlm_ldap I've noticed that 
> the behavior for
> > this module, when it got a nosuchobject or a ambiguous 
> reply is to not
> > reject the request, but pass it over for some other 
> modules, either in
> > authorize then  in authenticate.
> > This could be ok when you have a distributed ldap with 
> different databses,
> > but could result in some false positive when using a 
> replicated net of
> > ldap that have the same informations.
> > While I do have this latest configuration I've tried to 
> figure out how I
> > could get an reject if the modules fail with this two 
> options, and I made
> > a patch to rlm_ldap.c to have a configuration option for 
> achieve this
> > behavior.
> > So, my patch add the : "not_found_should_reject" (boolean 
> type yes/no)
> > keyword in ldap section of radiusd.conf, with a default 
> value of no, so
> > the normal behavior is keeped, and if setted to yes, will 
> make the module
> > to return a reject when it fails as described.
> >
> > Could this patch be included in CVS, and so in next distribution ?
> 
> 
> I 'd prefer a more general approach. As previously described by Alan
> configurable failover could be extended so that something 
> like this can be
> possible:
> 
> authorize{
>       eap
>       chap
>       files
>       ldap {
>               notfound = reject
>       }
> }
> 
> 
> --
> Kostas Kalevras               Network Operations Center
> [EMAIL PROTECTED]     National Technical University of Athens, Greece
> Work Phone:           +30 210 7721861
> 'Go back to the shadow'       Gandalf
> 

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to