(RADIATOR) Same LDAP attribute for check and reply

"Prada López, Julio" julio.prada at bt.es
Tue Feb 11 09:57:03 CST 2003


Great. So here is the problem: we're using AuthLDAPSDK.

Now we'll try your patch with AuthLDAPSDK, and I'll tell you if it works ;)

thank you in advance,
jules

Julio Prada López
BT Ignite
Isabel Colbrand, 8 2º 28050 Madrid SPAIN
telf: +34 91 270 6152
fax: +34 91 270 6161
mail: julio.prada at ignite.com <mailto:julio.prada at ignite.com> 
 

-----Mensaje original-----
De: Valentin Tumarkin [mailto:tv at xpert.com]
Enviado el: martes 11 de febrero de 2003 11:31
Para: radiator at open.com.au
Cc: hugh at open.com.au; julio.prada at bt.es
Asunto: Re: (RADIATOR) Same LDAP attribute for check and reply



 Hi,

Mapping one LDAP attribute to multiple RADIUS attributes should work in 
latest versions of Radiator AuthLDAP2 module. This doesn't work with 
AuthLDAPSDK or AuthLDAP. It doesn't work in Radiator 2.x.x.

The reason is very simple:
# In AuthLDAPSDK and AuthLDAP
'AuthAttrDef'           => 'stringhash'
# ...
foreach $ldapname (keys %{$self->{AuthAttrDef}})
#

# In AuthLDAP2 
AuthAttrDef'           => 'stringarray',
# ....
foreach $authattrdef_set (@{$self->{AuthAttrDef}})
# 

To Mike and Hugh -

This issue is familiar to me, because in 2001 I wrote a patch for 
Radiator AuthLDAPSDK that implemented this function (needed
this for a client). 

You should really take a look at :
http://www.open.com.au/archives/radiator/2001-03/msg00111.html

The feature finally got into Radiator version 3.x AuthLDAP2, 
implemented almost identically (up to the variable names) to my 
original patch ;)


 Cheers


On Tue, 11 Feb 2003, Hugh Irvine wrote:

> 
> Hello Julio -
> 
> I would have thought that you could use the same attribute twice.
> 
> Could you send me the configuration file and the trace 4 debug?
> 
> thanks
> 
> Hugh
> 
> 
> 
> On Tuesday, Feb 11, 2003, at 04:36 Australia/Melbourne, 
> julio.prada at bt.es wrote:
> 
> > Hi all,
> >
> > I've Radiator server with an 'Authby LDAP' clause and a LDAP server i a
> > sepparate box.
> >
> > I want to check LDAP attribute called 'connections' with 
> > Simultaneous-Use
> > (together with other attributes), and in the same Authby LDAP, after
> > checking all attributes, do a reply from LDAP 'connections' (the same
> > attribute used to check before) to Port-Limit 
> > Radius-dictionary-attribute.
> >
> > This is giving some problems in order that the same attribute could not
> > exist in both 'worlds': check and reply. I think this is the reason of 
> > the
> > problems because I solve it putting 'connections' attribute only in one
> > 'world': check, or reply.
> >
> > There is anyway to use the same LDAP attribute checking and replying 
> > in the
> > same AuthbyLDAP?
> >
> > Another 'Authby LDAP' clause could solve the problem, but this will 
> > mean an
> > extra search in the LDAP, and extra work in Radiator and LDAP servers 
> > and,
> > of course, slow authentication.
> >
> > Any workaround?
> >
> > best regards,
> > jules
> >
> > Julio Prada López
> > BT Ignite
> > Isabel Colbrand, 8 2º 28050 Madrid SPAIN
> > telf: +34 91 270 6152
> > fax: +34 91 270 6161
> > mail: julio.prada at ignite.com <mailto:julio.prada at ignite.com>
> >
> > **********************************************
> > Noticia legal
> > Este mensaje electrónico contiene información de BT Ignite España 
> > S.A.U. que
> > es privada y confidencial, siendo para el uso exclusivo de la persona 
> > (s) o
> > entidades arriba mencionadas. Si usted no es el destinatario señalado, 
> > le
> > informamos que cualquier divulgación, copia, distribución o uso de los
> > contenidos está prohibida. Si usted ha recibido este mensaje por 
> > error, por
> > favor borre su contenido lo antes posible.
> > Gracias.
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
> >
> 
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
> 






===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

********************************************** 
Noticia legal 
Este mensaje electrónico contiene información de BT Ignite España S.A.U. que
es privada y confidencial, siendo para el uso exclusivo de la persona (s) o
entidades arriba mencionadas. Si usted no es el destinatario señalado, le
informamos que cualquier divulgación, copia, distribución o uso de los
contenidos está prohibida. Si usted ha recibido este mensaje por error, por
favor borre su contenido lo antes posible. 
Gracias.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list