Re: (RADIATOR) LDAP Request

Joost Stegeman Sat, 2 Jan 1999 07:09:35 -0800
Hugh,

I'm not sure your suggestion to define multiple CheckAttr and ReplyAttr fields
in the LDAP config works in Radiator 2.14.1. It doesn't work in 2.11 for sure.
Maybe you mean that multiple atribute values in the LDAP directory are
concatenated with commas?

from AuthLDAP.pm, line 274:

            elsif ($attr eq lc $self->{CheckAttr})
            {
                # This is the attribute with check items in it
                $user->get_check->parse(join ',', @vals);
            }
            elsif ($attr eq lc $self->{ReplyAttr})
            {
                # This is the attribute with reply items in it
                $user->get_reply->parse(join ',', @vals);
            }

Here I see the $attr's from the LDAP query being checked against a single value
 in the configuration tree. This, and my tests with 2.11 lead me to believe
your suggestion is not correct. I really like the idea from Steven Ames, who
build som patches which make the configuration much alike the SQL
configuration.

Any other thoughts, I am wrong?

- Joost.

> 
> Hello Steven -
> 
> On Fri, 29 Oct 1999, Steven Ames wrote:
> > Would it be possible to modify the AuthLDAP modules so that instead
> > of (or in addition to to maintain backward compatibility) having
> > a single attribute that holds all of the reply items we can instead
> > set things up more like the SQL modules?
> > 
> > What I mean is under SQL you can do things like:
> > 
> >      AuthColumnDef 2, Session-Timeout, reply
> > 
> > saying that the column 2 attribute is a reply item and should be
> > combined with 'Session-Timeout' to create 'Session-Timeout = X'.
> > 
> > Under LDAP the same thing could apply:
> > 
> >      LDAPAttribute,     netmask, Framed-IP-Netmask, reply
> > 
> > stating that there is an LDAP attribute called 'netmask' which should
> > be used as the value for the reply string 'Framed-IP-Netmask'.
> > 
> > That'd make things so much cleaner in my LDAP databases.... ditto with
> > check items :)
> > 
> 
> You can already do this simply by putting multiple CheckAttr and ReplyAttr
> lines in your configuration file. The only caveat is that each LDAP field
> must contain the complete attribute=value pair.
> 
> <Handler ....>
>      <AuthBy LDAP>
>           ....
>           CheckAttr ServiceType     # contains Service-Type = Framed-User
>           CheckAttr ....
>           ReplyAttr ServiceType     # contains Service-Type = Framed-User
>           ReplyAttr FramedIPAddress     # Framed-IP-Address = x.x.x.x
>           ReplyAttr FramedIPNetmask     # Framed-IP-Netmask = y.y.y.y
>           ReplyAttr ....
>           ....
>      </AuthBy>
> </Handler>
> 
> See Section 6.30.10 and 6.30.11 in the Radiator 2.14.1 reference manual.
> 
> hth
> 
> Hugh
>

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) LDAP Request

Reply via email to
