(RADIATOR) Same LDAP attribute for check and reply
Valentin Tumarkin
tv at xpert.com
Tue Feb 11 04:30:47 CST 2003
Hi,
Mapping one LDAP attribute to multiple RADIUS attributes should work in
latest versions of Radiator AuthLDAP2 module. This doesn't work with
AuthLDAPSDK or AuthLDAP. It doesn't work in Radiator 2.x.x.
The reason is very simple:
# In AuthLDAPSDK and AuthLDAP
'AuthAttrDef' => 'stringhash'
# ...
foreach $ldapname (keys %{$self->{AuthAttrDef}})
#
# In AuthLDAP2
AuthAttrDef' => 'stringarray',
# ....
foreach $authattrdef_set (@{$self->{AuthAttrDef}})
#
To Mike and Hugh -
This issue is familiar to me, because in 2001 I wrote a patch for
Radiator AuthLDAPSDK that implemented this function (needed
this for a client).
You should really take a look at :
http://www.open.com.au/archives/radiator/2001-03/msg00111.html
The feature finally got into Radiator version 3.x AuthLDAP2,
implemented almost identically (up to the variable names) to my
original patch ;)
Cheers
On Tue, 11 Feb 2003, Hugh Irvine wrote:
>
> Hello Julio -
>
> I would have thought that you could use the same attribute twice.
>
> Could you send me the configuration file and the trace 4 debug?
>
> thanks
>
> Hugh
>
>
>
> On Tuesday, Feb 11, 2003, at 04:36 Australia/Melbourne,
> julio.prada at bt.es wrote:
>
> > Hi all,
> >
> > I've Radiator server with an 'Authby LDAP' clause and a LDAP server i a
> > sepparate box.
> >
> > I want to check LDAP attribute called 'connections' with
> > Simultaneous-Use
> > (together with other attributes), and in the same Authby LDAP, after
> > checking all attributes, do a reply from LDAP 'connections' (the same
> > attribute used to check before) to Port-Limit
> > Radius-dictionary-attribute.
> >
> > This is giving some problems in order that the same attribute could not
> > exist in both 'worlds': check and reply. I think this is the reason of
> > the
> > problems because I solve it putting 'connections' attribute only in one
> > 'world': check, or reply.
> >
> > There is anyway to use the same LDAP attribute checking and replying
> > in the
> > same AuthbyLDAP?
> >
> > Another 'Authby LDAP' clause could solve the problem, but this will
> > mean an
> > extra search in the LDAP, and extra work in Radiator and LDAP servers
> > and,
> > of course, slow authentication.
> >
> > Any workaround?
> >
> > best regards,
> > jules
> >
> > Julio Prada López
> > BT Ignite
> > Isabel Colbrand, 8 2º 28050 Madrid SPAIN
> > telf: +34 91 270 6152
> > fax: +34 91 270 6161
> > mail: julio.prada at ignite.com <mailto:julio.prada at ignite.com>
> >
> > **********************************************
> > Noticia legal
> > Este mensaje electrónico contiene información de BT Ignite España
> > S.A.U. que
> > es privada y confidencial, siendo para el uso exclusivo de la persona
> > (s) o
> > entidades arriba mencionadas. Si usted no es el destinatario señalado,
> > le
> > informamos que cualquier divulgación, copia, distribución o uso de los
> > contenidos está prohibida. Si usted ha recibido este mensaje por
> > error, por
> > favor borre su contenido lo antes posible.
> > Gracias.
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
> >
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list