Thanks for the quick reply Hugh. That works but (IMHO) it defeats the
purpose of having a database if you have to put the complete attribute
pair into it.
I actually just spent an hour or so migrating some code from AuthSQL.pm
to AuthLDAP.pm to do exactly what I want. Works great.
Is there some reason not to handle LDAP in the same manner as SQL? It
seems a bit cleaner. I'll send the new AuthLDAP.pm along to you shortly.
Any chance of getting your (or someone...) to look it over and maybe
make the changes a permanent feature of RADIATOR? I don't care if the
tag names change as long as I can keep the functionality... Otherwise
I'm looking at having to redo this everytime AuthLDAP.pm gets updated by
you all.
-Steve
----- Original Message -----
From: Hugh Irvine <[EMAIL PROTECTED]>
To: Steven Ames <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, October 28, 1999 5:52 PM
Subject: Re: (RADIATOR) LDAP Request
>
> Hello Steven -
>
> On Fri, 29 Oct 1999, Steven Ames wrote:
> > Would it be possible to modify the AuthLDAP modules so that instead
> > of (or in addition to to maintain backward compatibility) having
> > a single attribute that holds all of the reply items we can instead
> > set things up more like the SQL modules?
> >
> > What I mean is under SQL you can do things like:
> >
> > AuthColumnDef 2, Session-Timeout, reply
> >
> > saying that the column 2 attribute is a reply item and should be
> > combined with 'Session-Timeout' to create 'Session-Timeout = X'.
> >
> > Under LDAP the same thing could apply:
> >
> > LDAPAttribute, netmask, Framed-IP-Netmask, reply
> >
> > stating that there is an LDAP attribute called 'netmask' which
should
> > be used as the value for the reply string 'Framed-IP-Netmask'.
> >
> > That'd make things so much cleaner in my LDAP databases.... ditto
with
> > check items :)
> >
>
> You can already do this simply by putting multiple CheckAttr and
ReplyAttr
> lines in your configuration file. The only caveat is that each LDAP
field must
> contain the complete attribute=value pair.
>
> <Handler ....>
> <AuthBy LDAP>
> ....
> CheckAttr ServiceType # contains Service-Type = Framed-User
> CheckAttr ....
> ReplyAttr ServiceType # contains Service-Type = Framed-User
> ReplyAttr FramedIPAddress # Framed-IP-Address = x.x.x.x
> ReplyAttr FramedIPNetmask # Framed-IP-Netmask = y.y.y.y
> ReplyAttr ....
> ....
> </AuthBy>
> </Handler>
>
> See Section 6.30.10 and 6.30.11 in the Radiator 2.14.1 reference
manual.
>
> hth
>
> Hugh
>
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
> NT, Rhapsody
>
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
