Hello Karel -
On Wed, 01 Dec 1999, Velden, C.W.van der wrote:
> L.S.,
>
> What is the reason Radiator uses LDAP search instead of LDAP compare to
> check whether an entry fullfills the requirements? I would prefer to use
> LDAP compare. Secondly what is the status regarding connecting to an LDAP
> server at present? According to me (using Netscape LDAP SDK) it connects
> once and reuses this connection, is this correct?
>
The reason Radiator uses LDAP search is because the product was designed for
searching - look up a user record and return the relevant information for that
user - password, check attributes, reply attributes, etc. The same model is
used throughout, so there is consistency across AuthBy methods.
Sadly, there are already three different AuthBy LDAP clauses because of
differing implementations of the "standard" and more are seemingly required.
And as you can see from the above, even if Radiator used a compare, it would
still need to do a subsequent search for the attributes.
And yes, Radiator tries to open a long-lasting connection to the server in the
interests of economy, but again there are differences due to the peculiarities
of different LDAP implementations (some crash when a connection is re-used).
Of course if someone would like to build an all-singing, all-dancing, do
everything AuthBy for all versions of LDAP, we would be delighted to be the
recipients of a contribution.
:-)
regards
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
