Hi Stephen,
The reason that LDAP does not do the same thing with extended attributesd is
more historical. If youy send us the code or a patch, we will certainly
consider rolling it into the code.
Thanks for telling us about this.
Cheers.
----------------------------------------------------------------------------
---------------
Mike McCauley [EMAIL PROTECTED]
Open System Consultants +61 3 9598 0985
Mike is travelling right now, and there may be delays
in our correspondence.
-----Original Message-----
From: Steven E. Ames <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>; Steven Ames <[EMAIL PROTECTED]>;
[EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Friday, October 29, 1999 10:40 AM
Subject: Re: (RADIATOR) LDAP Request
>Thanks for the quick reply Hugh. That works but (IMHO) it defeats the
>purpose of having a database if you have to put the complete attribute
>pair into it.
>
>I actually just spent an hour or so migrating some code from AuthSQL.pm
>to AuthLDAP.pm to do exactly what I want. Works great.
>
>Is there some reason not to handle LDAP in the same manner as SQL? It
>seems a bit cleaner. I'll send the new AuthLDAP.pm along to you shortly.
>Any chance of getting your (or someone...) to look it over and maybe
>make the changes a permanent feature of RADIATOR? I don't care if the
>tag names change as long as I can keep the functionality... Otherwise
>I'm looking at having to redo this everytime AuthLDAP.pm gets updated by
>you all.
>
>-Steve
>
>----- Original Message -----
>From: Hugh Irvine <[EMAIL PROTECTED]>
>To: Steven Ames <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
>Sent: Thursday, October 28, 1999 5:52 PM
>Subject: Re: (RADIATOR) LDAP Request
>
>
>>
>> Hello Steven -
>>
>> On Fri, 29 Oct 1999, Steven Ames wrote:
>> > Would it be possible to modify the AuthLDAP modules so that instead
>> > of (or in addition to to maintain backward compatibility) having
>> > a single attribute that holds all of the reply items we can instead
>> > set things up more like the SQL modules?
>> >
>> > What I mean is under SQL you can do things like:
>> >
>> > AuthColumnDef 2, Session-Timeout, reply
>> >
>> > saying that the column 2 attribute is a reply item and should be
>> > combined with 'Session-Timeout' to create 'Session-Timeout = X'.
>> >
>> > Under LDAP the same thing could apply:
>> >
>> > LDAPAttribute, netmask, Framed-IP-Netmask, reply
>> >
>> > stating that there is an LDAP attribute called 'netmask' which
>should
>> > be used as the value for the reply string 'Framed-IP-Netmask'.
>> >
>> > That'd make things so much cleaner in my LDAP databases.... ditto
>with
>> > check items :)
>> >
>>
>> You can already do this simply by putting multiple CheckAttr and
>ReplyAttr
>> lines in your configuration file. The only caveat is that each LDAP
>field must
>> contain the complete attribute=value pair.
>>
>> <Handler ....>
>> <AuthBy LDAP>
>> ....
>> CheckAttr ServiceType # contains Service-Type = Framed-User
>> CheckAttr ....
>> ReplyAttr ServiceType # contains Service-Type = Framed-User
>> ReplyAttr FramedIPAddress # Framed-IP-Address = x.x.x.x
>> ReplyAttr FramedIPNetmask # Framed-IP-Netmask = y.y.y.y
>> ReplyAttr ....
>> ....
>> </AuthBy>
>> </Handler>
>>
>> See Section 6.30.10 and 6.30.11 in the Radiator 2.14.1 reference
>manual.
>>
>> hth
>>
>> Hugh
>>
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
>> NT, Rhapsody
>>
>
>
>===
>Archive at http://www.thesite.com.au/~radiator/
>To unsubscribe, email '[EMAIL PROTECTED]' with
>'unsubscribe radiator' in the body of the message.
>
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
