Hello Steven -
On Fri, 29 Oct 1999, Steven Ames wrote:
> Would it be possible to modify the AuthLDAP modules so that instead
> of (or in addition to to maintain backward compatibility) having
> a single attribute that holds all of the reply items we can instead
> set things up more like the SQL modules?
>
> What I mean is under SQL you can do things like:
>
> AuthColumnDef 2, Session-Timeout, reply
>
> saying that the column 2 attribute is a reply item and should be
> combined with 'Session-Timeout' to create 'Session-Timeout = X'.
>
> Under LDAP the same thing could apply:
>
> LDAPAttribute, netmask, Framed-IP-Netmask, reply
>
> stating that there is an LDAP attribute called 'netmask' which should
> be used as the value for the reply string 'Framed-IP-Netmask'.
>
> That'd make things so much cleaner in my LDAP databases.... ditto with
> check items :)
>
You can already do this simply by putting multiple CheckAttr and ReplyAttr
lines in your configuration file. The only caveat is that each LDAP field must
contain the complete attribute=value pair.
<Handler ....>
<AuthBy LDAP>
....
CheckAttr ServiceType # contains Service-Type = Framed-User
CheckAttr ....
ReplyAttr ServiceType # contains Service-Type = Framed-User
ReplyAttr FramedIPAddress # Framed-IP-Address = x.x.x.x
ReplyAttr FramedIPNetmask # Framed-IP-Netmask = y.y.y.y
ReplyAttr ....
....
</AuthBy>
</Handler>
See Section 6.30.10 and 6.30.11 in the Radiator 2.14.1 reference manual.
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
