(RADIATOR) When dealing with a fair bit of logic in the authentication procedure
Matthew Lohier
matthew.lohier at pba.com.au
Wed Aug 3 19:31:27 CDT 2005
Hi Hugh,
I'm running Radiator-3.13 on Linux, and I'm in the process of implementing
an authentication procedure with Radiator. Our procedure -or procedures I
must say- are quite complex and involve quite a lot of logic.
They take:
- 2 LDAP queries,
- 6 to 8 logical expressions ( if() ) mostly based on the returned
attributes from the ldap queries.
I have so far developed a prototype using AuthBy EXTERNAL based on a perl
script that handles the logic and queries the LDAP servers. It's working well
(using radpwtst, single-shot test case) but I'm not sure how good it's going
to perform in a real environment.
I have read the bit about Fork config parameter. I will experience both
configurations.
Is there any other alternative than AuthBy EXTERNAL that could handle all
the logic we need? Of course AuthBy LDAP2 works well to perform a LDAP query
but then it does not give me the necessary logic I think.
I've included some pseudo-code to give you some indication on what I'm trying
to achieve.
Procedure:
The Access-Request issued to Radius includes parm1, parm2 and param3.
1/ LDAP1 query based on param1
2/ If no entry Access-Reject is returned.
3/ If reply1-attribute1 == 3, we need to match reply1-attribute2 with
param2.
4/ If the matching fails Access-Reject is returned.
5/ LDAP2 query
6/ If no entry a pre-configured action is returned (Access-Accept or
Access-Reject).
7/ If entry is found, reply2-attribute1 is tested
8/ If reply2-attribute1 == 1 Accept-Reject is returned.
9/ If reply1-attribute1 == 2, regular expression must match with parm3
10/ If they don't match, Access-Reject is returned.
11/ Access-Accept is returned with other reply-attributes
I guess I'd like to be sure that AuthBy EXTERNAL is the way to go in this
case, or otherwise be given some new directions.
Thanks for your reply, best regards / Matt
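
The eleven-step procedure in the message above, written out as a single Perl decision function. This is an added example, not code from the original post or from Radiator. The two lookups are stand-in callbacks over constructed in-memory data, and the `on_missing` action, the `param3_re` pattern and the `reply` sub-hash are assumptions, since the post does not say how LDAP2 is keyed or where the regular expression comes from.

```perl
use strict;
use warnings;

# decide(\%request, \%cfg) returns ('ACCEPT' | 'REJECT', \%reply_attributes).
# cfg keys (all hypothetical): ldap1/ldap2 lookup callbacks, on_missing, param3_re.
sub decide {
    my ($req, $cfg) = @_;
    my ($e1, $e2);
    # Steps 1-2: a lookup error or a missing entry both reject (fail closed).
    eval { $e1 = $cfg->{ldap1}->($req); 1 } or return ('REJECT', {});
    return ('REJECT', {}) unless $e1;

    # Steps 3-4: attribute1 == 3 requires attribute2 to equal param2.
    if (($e1->{attribute1} // '') eq '3') {
        return ('REJECT', {}) unless defined $req->{param2}
            && ($e1->{attribute2} // '') eq $req->{param2};
    }

    # Steps 5-6: an error rejects; a missing entry returns the configured action.
    eval { $e2 = $cfg->{ldap2}->($req); 1 } or return ('REJECT', {});
    return ($cfg->{on_missing}, {}) unless $e2;

    # Steps 7-8: attribute1 == 1 in the second entry rejects.
    return ('REJECT', {}) if ($e2->{attribute1} // '') eq '1';

    # Steps 9-10: attribute1 == 2 in the first entry requires param3 to match.
    if (($e1->{attribute1} // '') eq '2') {
        return ('REJECT', {}) unless defined $req->{param3}
            && $req->{param3} =~ $cfg->{param3_re};
    }

    # Step 11: accept, passing back reply attributes from the second entry.
    return ('ACCEPT', $e2->{reply} // {});
}

# Constructed sample directories and requests, for illustration only.
my %dir1 = (alice => { attribute1 => 3, attribute2 => 'site-a' },
            bob   => { attribute1 => 2 },
            carol => { attribute1 => 0 });
my %dir2 = (alice => { attribute1 => 0, reply => { 'Session-Timeout' => 3600 } },
            bob   => { attribute1 => 0 });
my %cfg = (ldap1 => sub { $dir1{ $_[0]{param1} } },
           ldap2 => sub { die "LDAP down\n" if $_[0]{param1} eq 'carol';
                          $dir2{ $_[0]{param1} } },
           on_missing => 'REJECT', param3_re => qr/\A[0-9]{4}\z/);
for my $req ({ param1 => 'alice', param2 => 'site-a' }, { param1 => 'alice', param2 => 'site-b' },
             { param1 => 'bob', param3 => '1234' }, { param1 => 'bob', param3 => '12345' },
             { param1 => 'carol' }, { param1 => 'nobody' }) {
    printf "%s: %s\n", $req->{param1}, (decide($req, \%cfg))[0];
}
```

Keeping the decision in one function with injected lookups lets each branch be tested without a live directory, and a failed lookup ends in a reject rather than falling through to a later step.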