(RADIATOR) When dealing with a fair bit of logic in the authentication procedure

Matthew Lohier matthew.lohier at pba.com.au
Wed Aug 3 19:31:27 CDT 2005


Hi Hugh,

 

I'm running Radiator-3.13 on Linux, and I'm in the process of implementing
an authentication procedure with Radiator. Our procedure (or procedures, I
must say) is quite complex and involves quite a lot of logic.

They take:

- 2 LDAP queries,
- 6 to 8 logical expressions ( if() ) mostly based on the returned
  attributes from the LDAP queries.

 

I have so far developed a prototype using AuthBy EXTERNAL based on a Perl
script that handles the logic and queries the LDAP servers. It's working well
(using radpwtst, single-shot test case) but I'm not sure how well it's going
to perform in a real environment.

 

I have read the bit about the Fork config parameter. I will experiment with
both configurations.

 

Is there any alternative to AuthBy EXTERNAL that could handle all
the logic we need? Of course AuthBy LDAP2 works well to perform an LDAP query
but then it does not give me the necessary logic, I think.

 

I've included some pseudo-code to give you some indication of what I'm trying
to achieve.

 

Procedure:

The Access-Request issued to Radius includes param1, param2 and param3.

1/ LDAP1 query based on param1

2/ If no entry Access-Reject is returned.

3/ If reply1-attribute1 == 3, we need to match reply1-attribute2 with
param2.

4/ If the matching fails Access-Reject is returned.

5/ LDAP2 query

6/ If no entry a pre-configured action is returned (Access-Accept or
Access-Reject).

7/ If entry is found, reply2-attribute1 is tested 

8/ If reply2-attribute1 == 1 Accept-Reject is returned.

9/ If reply1-attribute1 == 2, regular expression must match with param3

10/ If they don't match, Access-Reject is returned.

11/ Access-Accept is returned with other reply-attributes

 

I guess I'd like to be sure that AuthBy EXTERNAL is the way to go in this
case, or otherwise be given some new directions. 

 

Thanks for your reply, best regards / Matt
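
Added example, not part of the original message and not Radiator code: the eleven steps above as one fail-closed Python decision function, so that a failed lookup or bad data can never end in an accept. The lookup callables, the `pattern` and `reply` attribute names, param1 as the key for the second query, a reject at step 8 and a whole-string regex match at step 9 are assumptions.

```python
import re

ACCEPT, REJECT = "Access-Accept", "Access-Reject"

def decide(req, ldap1, ldap2, no_entry_action=REJECT):
    """Steps 1-11 of the procedure; returns (result, reply_attributes).

    ldap1/ldap2 are injected lookups (hypothetical) returning a dict of
    attribute strings, or None when no entry is found.
    """
    if no_entry_action not in (ACCEPT, REJECT):
        raise ValueError("no_entry_action must be Access-Accept or Access-Reject")
    try:
        r1 = ldap1(req["param1"])                        # step 1
        if r1 is None:                                   # step 2
            return REJECT, {}
        kind = r1.get("attribute1")
        expected = r1.get("attribute2")
        if kind == "3" and (expected is None or expected != req.get("param2")):
            return REJECT, {}                            # steps 3-4
        r2 = ldap2(req["param1"])                        # step 5 (key assumed)
        if r2 is None:                                   # step 6
            return no_entry_action, {}
        if r2.get("attribute1") == "1":                  # steps 7-8 (assumed reject)
            return REJECT, {}
        if kind == "2":                                  # step 9
            pattern = r1.get("pattern")                  # assumed source of the regex
            if not pattern or not re.fullmatch(pattern, req.get("param3", "")):
                return REJECT, {}                        # step 10
        return ACCEPT, dict(r2.get("reply", {}))         # step 11
    except Exception:
        # A failed lookup, bad regex or missing parameter must never accept.
        return REJECT, {}

# Constructed sample directories standing in for the two LDAP servers.
DIR1 = {
    "alice": {"attribute1": "3", "attribute2": "s3cret"},
    "bob": {"attribute1": "2", "pattern": r"site-\d{3}"},
    "eve": {"attribute1": "2", "pattern": "("},          # invalid regex
}
DIR2 = {
    "alice": {"attribute1": "0", "reply": {"Session-Timeout": "3600"}},
    "bob": {"attribute1": "0", "reply": {}},
    "eve": {"attribute1": "0", "reply": {}},
}

if __name__ == "__main__":
    for user, p2, p3 in [("alice", "s3cret", ""), ("bob", "", "site-12x"), ("eve", "", "x")]:
        req = {"param1": user, "param2": p2, "param3": p3}
        print(user, decide(req, DIR1.get, DIR2.get))
```

Keeping the lookups as injected callables lets every branch, including the directory-outage path, be exercised offline before the logic is wired to real LDAP servers.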

 

 
