On Fri, 19 Mar 2004 [EMAIL PROTECTED] wrote:

> Hi,
>
> I would also appreciate a solution for this "LDAP-ISSUE" (very much!)
>
> Does anyone know if a solution is in sight? And - more important - when??

When a patch is posted. I'll try to work on it on the weekend. It isn't too
much of a job.

>
> Is anyone working on the extension of "configurable failover"??
>
> Arne
> ________________________________
> Dataport
> Altenholzer Str 10 - 14, 24161 Altenholz
> Internet:www.dataport.de
> E-Mail: [EMAIL PROTECTED]
> Telefon: 0431 - 32 95 6840
> Telefax: 0431 - 32 95 410
>
> > Message: 6
> > Date: Fri, 12 Mar 2004 16:17:14 +0200 (EET)
> > From: Kostas Kalevras <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Subject: Re: Behavior for rlm_ldap module
> > Reply-To: [EMAIL PROTECTED]
> >
> > On Fri, 12 Mar 2004, Pierluigi Frullani wrote:
> >
> > > Hi all.
> > >  Reading through the C code of rlm_ldap I've noticed that the behavior for
> > > this module, when it gets a nosuchobject or an ambiguous reply, is to not
> > > reject the request, but pass it over to some other modules, either in
> > > authorize then in authenticate.
> > > This could be ok when you have a distributed ldap with different databases,
> > > but could result in some false positives when using a replicated net of
> > > ldap that have the same information.
> > > While I do have this latest configuration I've tried to figure out how I
> > > could get a reject if the modules fail with these two options, and I made
> > > a patch to rlm_ldap.c to have a configuration option to achieve this
> > > behavior.
> > > So, my patch adds the "not_found_should_reject" (boolean type yes/no)
> > > keyword in the ldap section of radiusd.conf, with a default value of no, so
> > > the normal behavior is kept, and if set to yes, will make the module
> > > return a reject when it fails as described.
> > >
> > > Could this patch be included in CVS, and so in the next distribution?
> >
> >
> > I'd prefer a more general approach. As previously described by Alan
> > configurable failover could be extended so that something like this can be
> > possible:
> >
> > authorize{
> >     eap
> >     chap
> >     files
> >     ldap {
> >             notfound = reject
> >     }
> > }
> >
> >
> > --
> > Kostas Kalevras             Network Operations Center
> > [EMAIL PROTECTED]   National Technical University of Athens, Greece
> > Work Phone:         +30 210 7721861
> > 'Go back to the shadow'     Gandalf
> >
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf
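
Added example, not part of the original thread and not FreeRADIUS code: a simplified Python model of the authorize section quoted above, showing why a notfound from ldap does not stop the request by default and what the proposed "notfound = reject" override changes. The priorities, the user names and the catch-all files entry are assumptions constructed for the illustration.

```python
# Simplified model of one authorize section; not FreeRADIUS source code.
RETURN = "return"   # action: stop the section and return the module's rcode
REJECT = "reject"   # action: stop the section and return reject

# Assumed default actions: an integer is a priority, the highest one seen wins.
DEFAULT_ACTIONS = {"reject": RETURN, "fail": RETURN,
                   "notfound": 1, "noop": 2, "ok": 3, "updated": 4}

LDAP_DIRECTORY = {"alice"}    # constructed: users that exist in LDAP
USERS_FILE = {"DEFAULT"}      # constructed: catch-all entry in the files module


def files(user):
    """Hypothetical stand-in for the files module: DEFAULT matches anyone."""
    return "ok" if user in USERS_FILE or "DEFAULT" in USERS_FILE else "noop"


def ldap(user):
    """Hypothetical stand-in for rlm_ldap: notfound when the entry is missing."""
    return "ok" if user in LDAP_DIRECTORY else "notfound"


def run_section(modules, user):
    """modules: list of (callable, overrides). Returns the section's rcode."""
    best_rcode, best_prio = "noop", 0
    for module, overrides in modules:
        rcode = module(user)
        action = overrides.get(rcode, DEFAULT_ACTIONS[rcode])
        if action == REJECT:      # per-module override, e.g. notfound = reject
            return "reject"
        if action == RETURN:      # hard stop with the module's own rcode
            return rcode
        if action > best_prio:    # otherwise keep the highest-priority rcode
            best_rcode, best_prio = rcode, action
    return best_rcode


def authorize(user, notfound_rejects):
    """Same module order as the thread: files first, then ldap."""
    ldap_overrides = {"notfound": REJECT} if notfound_rejects else {}
    return run_section([(files, {}), (ldap, ldap_overrides)], user)


if __name__ == "__main__":
    for user in ("alice", "mallory"):
        print(user, authorize(user, False), authorize(user, True))
```

With the defaults, the "ok" from files outranks the "notfound" from ldap, so a user absent from the directory still leaves the section with "ok"; the override turns that same lookup into a reject.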
