(RADIATOR) Same LDAP attribute for check and reply

Valentin Tumarkin tv at xpert.com
Tue Feb 11 10:15:17 CST 2003


Sorry, but maybe I needed to clarify this:
The patch was written 2 years ago for Radiator 2.18 or something and will
NOT work 'as-is' with Radiator 3.x

The best way would be for Hugh and Mike to fix the new AuthLDAP and
AuthLDAPSDK modules.

You can also compare the patch vs. AuthLDAPSDK vs. AuthLDAP2 and
do the fix yourself. I think you only have to fix how 'AuthAttrDef' is
loaded (should be in 'stringarray' ) and the 'for' loop over the
attributes.


	Best Regards,

	Valentin


On Tue, 11 Feb 2003, "Prada López, Julio" wrote:

> Great. So here is the problem: we're using AuthLDAPSDK.
>
> Now we'll try your patch with AuthLDAPSDK, and I'll tell you if it works ;)
>
> thank you in advance,
> jules
>
> Julio Prada López
> BT Ignite
> Isabel Colbrand, 8 2º 28050 Madrid SPAIN
> telf: +34 91 270 6152
> fax: +34 91 270 6161
> mail: julio.prada at ignite.com <mailto:julio.prada at ignite.com>
>
>
> -----Mensaje original-----
> De: Valentin Tumarkin [mailto:tv at xpert.com]
> Enviado el: martes 11 de febrero de 2003 11:31
> Para: radiator at open.com.au
> Cc: hugh at open.com.au; julio.prada at bt.es
> Asunto: Re: (RADIATOR) Same LDAP attribute for check and reply
>
>
>
>  Hi,
>
> Mapping one LDAP attribute to multiple RADIUS attributes should work in
> latest versions of Radiator AuthLDAP2 module. This doesn't work with
> AuthLDAPSDK or AuthLDAP. It doesn't work in Radiator 2.x.x.
>
> The reason is very simple:
> # In AuthLDAPSDK and AuthLDAP
> 'AuthAttrDef'           => 'stringhash'
> # ...
> foreach $ldapname (keys %{$self->{AuthAttrDef}})
> #
>
> # In AuthLDAP2
> AuthAttrDef'           => 'stringarray',
> # ....
> foreach $authattrdef_set (@{$self->{AuthAttrDef}})
> #
>
> To Mike and Hugh -
>
> This issue is familiar to me, because in 2001 I wrote a patch for
> Radiator AuthLDAPSDK that implemented this function (needed
> this for a client).
>
> You should really take a look at :
> http://www.open.com.au/archives/radiator/2001-03/msg00111.html
>
> The feature finally got into Radiator version 3.x AuthLDAP2,
> implemented almost identically (up to the variable names) to my
> original patch ;)
>
>
>  Cheers
>
>
> On Tue, 11 Feb 2003, Hugh Irvine wrote:
>
> >
> > Hello Julio -
> >
> > I would have thought that you could use the same attribute twice.
> >
> > Could you send me the configuration file and the trace 4 debug?
> >
> > thanks
> >
> > Hugh
> >
> >
> >
> > On Tuesday, Feb 11, 2003, at 04:36 Australia/Melbourne,
> > julio.prada at bt.es wrote:
> >
> > > Hi all,
> > >
> > > I've Radiator server with an 'Authby LDAP' clause and a LDAP server i a
> > > sepparate box.
> > >
> > > I want to check LDAP attribute called 'connections' with
> > > Simultaneous-Use
> > > (together with other attributes), and in the same Authby LDAP, after
> > > checking all attributes, do a reply from LDAP 'connections' (the same
> > > attribute used to check before) to Port-Limit
> > > Radius-dictionary-attribute.
> > >
> > > This is giving some problems in order that the same attribute could not
> > > exist in both 'worlds': check and reply. I think this is the reason of
> > > the
> > > problems because I solve it putting 'connections' attribute only in one
> > > 'world': check, or reply.
> > >
> > > There is anyway to use the same LDAP attribute checking and replying
> > > in the
> > > same AuthbyLDAP?
> > >
> > > Another 'Authby LDAP' clause could solve the problem, but this will
> > > mean an
> > > extra search in the LDAP, and extra work in Radiator and LDAP servers
> > > and,
> > > of course, slow authentication.
> > >
> > > Any workaround?
> > >
> > > best regards,
> > > jules
> > >
> > > Julio Prada López
> > > BT Ignite
> > > Isabel Colbrand, 8 2º 28050 Madrid SPAIN
> > > telf: +34 91 270 6152
> > > fax: +34 91 270 6161
> > > mail: julio.prada at ignite.com <mailto:julio.prada at ignite.com>
> > >
> > > **********************************************
> > > Noticia legal
> > > Este mensaje electrónico contiene información de BT Ignite España
> > > S.A.U. que
> > > es privada y confidencial, siendo para el uso exclusivo de la persona
> > > (s) o
> > > entidades arriba mencionadas. Si usted no es el destinatario señalado,
> > > le
> > > informamos que cualquier divulgación, copia, distribución o uso de los
> > > contenidos está prohibida. Si usted ha recibido este mensaje por
> > > error, por
> > > favor borre su contenido lo antes posible.
> > > Gracias.
> > > ===
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on radiator-announce at open.com.au
> > > To unsubscribe, email 'majordomo at open.com.au' with
> > > 'unsubscribe radiator' in the body of the message.
> > >
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
> >
>
>
>
>
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
> **********************************************
> Noticia legal
> Este mensaje electrónico contiene información de BT Ignite España S.A.U. que
> es privada y confidencial, siendo para el uso exclusivo de la persona (s) o
> entidades arriba mencionadas. Si usted no es el destinatario señalado, le
> informamos que cualquier divulgación, copia, distribución o uso de los
> contenidos está prohibida. Si usted ha recibido este mensaje por error, por
> favor borre su contenido lo antes posible.
> Gracias.
>

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list