Joel,
The changes to make it LDAP more like SQL were added to the base system.
I don't think there was a patch released? But they will be there in
future releases.
-Steve
----- Original Message -----
From: Joost Stegeman <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, November 04, 1999 10:29 AM
Subject: Re: (RADIATOR) LDAP Request
> Hugh,
>
> I'm not sure your suggestion to define multiple CheckAttr and
ReplyAttr fields
> in the LDAP config works in Radiator 2.14.1. It doesn't work in 2.11
for sure.
> Maybe you mean that multiple atribute values in the LDAP directory are
> concatenated with commas?
>
> from AuthLDAP.pm, line 274:
>
> elsif ($attr eq lc $self->{CheckAttr})
> {
> # This is the attribute with check items in it
> $user->get_check->parse(join ',', @vals);
> }
> elsif ($attr eq lc $self->{ReplyAttr})
> {
> # This is the attribute with reply items in it
> $user->get_reply->parse(join ',', @vals);
> }
>
> Here I see the $attr's from the LDAP query being checked against a
single value
> in the configuration tree. This, and my tests with 2.11 lead me to
believe
> your suggestion is not correct. I really like the idea from Steven
Ames, who
> build som patches which make the configuration much alike the SQL
> configuration.
>
> Any other thoughts, I am wrong?
>
> - Joost.
>
> >
> > Hello Steven -
> >
> > On Fri, 29 Oct 1999, Steven Ames wrote:
> > > Would it be possible to modify the AuthLDAP modules so that
instead
> > > of (or in addition to to maintain backward compatibility) having
> > > a single attribute that holds all of the reply items we can
instead
> > > set things up more like the SQL modules?
> > >
> > > What I mean is under SQL you can do things like:
> > >
> > > AuthColumnDef 2, Session-Timeout, reply
> > >
> > > saying that the column 2 attribute is a reply item and should be
> > > combined with 'Session-Timeout' to create 'Session-Timeout = X'.
> > >
> > > Under LDAP the same thing could apply:
> > >
> > > LDAPAttribute, netmask, Framed-IP-Netmask, reply
> > >
> > > stating that there is an LDAP attribute called 'netmask' which
should
> > > be used as the value for the reply string 'Framed-IP-Netmask'.
> > >
> > > That'd make things so much cleaner in my LDAP databases.... ditto
with
> > > check items :)
> > >
> >
> > You can already do this simply by putting multiple CheckAttr and
ReplyAttr
> > lines in your configuration file. The only caveat is that each LDAP
field
> > must contain the complete attribute=value pair.
> >
> > <Handler ....>
> > <AuthBy LDAP>
> > ....
> > CheckAttr ServiceType # contains Service-Type =
Framed-User
> > CheckAttr ....
> > ReplyAttr ServiceType # contains Service-Type =
Framed-User
> > ReplyAttr FramedIPAddress # Framed-IP-Address =
x.x.x.x
> > ReplyAttr FramedIPNetmask # Framed-IP-Netmask =
y.y.y.y
> > ReplyAttr ....
> > ....
> > </AuthBy>
> > </Handler>
> >
> > See Section 6.30.10 and 6.30.11 in the Radiator 2.14.1 reference
manual.
> >
> > hth
> >
> > Hugh
> >
>
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
