Would it be possible to modify the way that AuthLDAP handles reply
attributes? Right now they are all listed in a singly replyattr
attribute. This is unwieldy for a lot of our tools and increases the
complexity of the parsing.
A better mechanism would be to handle them the same way as SQL is
handled. Under SQL you can put up a statement such as:
AuthColumnDef 2, Session-Timeout, reply
which tells the AuthBy module that the second column of results from the
SQL query will contain the value for the "Session-Timeout" reply
attribute. This lets you name things properly inside your SQL tables.
The "Session-Timeout" attribute can reside in a field named
"session-timeout". The same should apply to LDAP. I should be able to
put a statement into my config file that looks like:
LDAPAttribute, Session-Timeout, session-timeout, reply
which would put the value of 'session-timeout' from the LDAP database
into the reply attribute 'Session-Timeout'.
The same methodology should apply to check items. It only makes sense to
use the same mechanism for SQL and LDAP. Being different is
non-intuitive... having all of the return codes in one LDAP atrribute is
very confusing.
The current method:
ReplyAttr replyitems
should be syntactically equivalent to:
LDAPAttribute, GENERIC, replyitems, reply
I really, really hope this makes sense... and that it gets implemented
:)
I already have everything in separate fields and have to run a separate
script to look them up and munge them into a single replyitems field.
BLECH!
Thanks,
-Steve
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
