Re: (RADIATOR) @ in usernames, NoDefault not working

Thu, 05 Apr 2001 22:55:04 -0700 


Hello Robert -

I have also copied this mail to Mike for his comments.

On Friday 06 April 2001 07:32, Robert Kiessling wrote:
> Hi,
>
> with Radiator-2.18 and Perl 5.005_03, authenticating using AuthLDAP2,
> I see two problems.
>
> First, I get the following error message if the username in the
> authentication request contains an `@':
>
>     Global symbol "@easynet" requires explicit package name at (eval 238)
> line 1.
>
> A workaround is to add
>
>     RewriteUsername s/\@/\\\@/
>
> but surely this is not the expected behaviour?
>

I am sure it is not - Mike?

> Second, NoDefault and NoDefaultIfFound do not seem to work. Even
> though set, the LDAP server is still queried for DEFAULT if either the
> user was not found in LDAP or the password ist wrong.
>

Both of these are AuthBy parameters and should be included within the AuthBy 
definition, not in the surrounding Realm.

> And while I'm writing, are there plans to support failover from one
> LDAP server to another, instead of not replying to the query?
>

You can set up multiple AuthBy clauses, with each one pointing at a different 
LDAP server. Then you would chain them together with an AuthByPolicy.

<AuthBy LDAP2>
                Identifier CheckLDAPserver1
                Host            localhost
                AuthDN          <deleted>
                AuthPassword    <deleted>
                HoldServerConnection
                BaseDN          o=easynet.net
                UsernameAttr    uid
                PasswordAttr    userPassword
                SearchFilter    (&(uid=%1)(status=ACTIVE)(services=DIAL))
                NoDefault
                NoDefaultIfFound
</AuthBy>

<AuthBy LDAP2>
                Identifier CheckLDAPserver2
                Host            otherhost
                AuthDN          <deleted>
                AuthPassword    <deleted>
                HoldServerConnection
                BaseDN          o=easynet.net
                UsernameAttr    uid
                PasswordAttr    userPassword
                SearchFilter    (&(uid=%1)(status=ACTIVE)(services=DIAL))
                NoDefault
                NoDefaultIfFound
</AuthBy>

<Realm DEFAULT>
                AuthByPolicy ContinueUntilAccept
                AuthBy CheckLDAPserver1 
                AuthBy CheckLDAPserver2
</Realm>


hth

Hugh

--
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to