Hi Kostas,
how could i get the patch? I saerched the developer list and did not find it.
which patch do you mean - the one for rlm_ldap or that for configurable failover?
regards,
Arne
> Message: 1
> Date: Fri, 19 Mar 2004 18:17:19 +0200 (EET)
> From: Kostas Kalevras <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: AW: Behavior for rlm_ldap module
> Reply-To: [EMAIL PROTECTED]
>
> On Fri, 19 Mar 2004 [EMAIL PROTECTED] wrote:
>
> > Hi,
> >
> > i would also appreciate a solution for this "LDAP-ISSUE"
> (very much!)
> >
> > does any know if a solution is in sight? And - more
> importand - when??
>
> when a patch is posted. I 'll try to work on it on the
> weekend. It isn't too
> much of a job.
>
> >
> > Is anyony working on the extension of "configurable failover"??
> >
> > Arne
> > ________________________________
> > Dataport
> > Altenholzer Str 10 - 14, 24161 Altenholz
> > Internet:www.dataport.de
> > E-Mail: [EMAIL PROTECTED]
> > Telefon: 0431 - 32 95 6840
> > Telefax: 0431 - 32 95 410
> >
> > > Message: 6
> > > Date: Fri, 12 Mar 2004 16:17:14 +0200 (EET)
> > > From: Kostas Kalevras <[EMAIL PROTECTED]>
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: Behavior for rlm_ldap module
> > > Reply-To: [EMAIL PROTECTED]
> > >
> > > On Fri, 12 Mar 2004, Pierluigi Frullani wrote:
> > >
> > > > Hi all.
> > > > Reading through the C code of rlm_ldap I've noticed that
> > > the behavior for
> > > > this module, when it got a nosuchobject or a ambiguous
> > > reply is to not
> > > > reject the request, but pass it over for some other
> > > modules, either in
> > > > authorize then in authenticate.
> > > > This could be ok when you have a distributed ldap with
> > > different databses,
> > > > but could result in some false positive when using a
> > > replicated net of
> > > > ldap that have the same informations.
> > > > While I do have this latest configuration I've tried to
> > > figure out how I
> > > > could get an reject if the modules fail with this two
> > > options, and I made
> > > > a patch to rlm_ldap.c to have a configuration option for
> > > achieve this
> > > > behavior.
> > > > So, my patch add the : "not_found_should_reject" (boolean
> > > type yes/no)
> > > > keyword in ldap section of radiusd.conf, with a default
> > > value of no, so
> > > > the normal behavior is keeped, and if setted to yes, will
> > > make the module
> > > > to return a reject when it fails as described.
> > > >
> > > > Could this patch be included in CVS, and so in next
> distribution ?
> > >
> > >
> > > I 'd prefer a more general approach. As previously
> described by Alan
> > > configurable failover could be extended so that something
> > > like this can be
> > > possible:
> > >
> > > authorize{
> > > eap
> > > chap
> > > files
> > > ldap {
> > > notfound = reject
> > > }
> > > }
> > >
> > >
> > > --
> > > Kostas Kalevras Network Operations Center
> > > [EMAIL PROTECTED] National Technical University
> of Athens, Greece
> > > Work Phone: +30 210 7721861
> > > 'Go back to the shadow' Gandalf
> > >
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
>
> --
> Kostas Kalevras Network Operations Center
> [EMAIL PROTECTED] National Technical University of Athens, Greece
> Work Phone: +30 210 7721861
> 'Go back to the shadow' Gandalf
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
