On Wed, Feb 23, 2005 at 08:22:21AM +1100, Michael Mitchell wrote:
> From: Michael Mitchell <[EMAIL PROTECTED]>
> To: freeradius-users@lists.freeradius.org
> Subject: Re: Grouping accounts
> Date: Wed, 23 Feb 2005 08:22:21 +1100
>
> I'm not sure that Steven ever mentioned that his user database is ldap
> (perhaps Steven could clarify this for us?)??
PostgreSQL.
> But for what is it worth we use a very similar scheme as described by
> Dustin below. For us however, our billing system is the authoritative
> database, and LDAP is only used for authentication. The billing system
> automagically knows which "service records" belong to each account in
> the database. It aides itself in this process by adding an account id
> attribute to each of the user's service records in LDAP.
>
> If you get your LDAP tree right, you don't even need two instances of
> the ldap module. We do this:
>
> ldap {
> basedn = "ou=%{Huntgroup-Name},dc=yourdomain"
> }
>
> which works really nicely, as long as you keep your huntgroups up to
> date ;-)
>
> I'm sure you could do a very similar thing with sql - have an "Account"
> table for billing purposes, and a "Service" table for authentication
> purposes, with each service linked back to the "Account" via an "Account
> ID".
>
> You may have to play with the accounting queries in the sql module
> configuration a little if you want the accounting records to reference
> the "Account ID"...
I've been talking to the boss and one of the Perl programmers. Apparently
we're going to do it using FreeRadius/Perl/PostgreSQL.
I thought LDAP was the way to go, but I was wrong.
Steven.
--
.''`.
: :' :
`. `'`
`-
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
