[RADIATOR] AuthBy FILE + IfNotExist and/or maintaining Access response
Nathan Anderson
nathana at fsr.com
Thu Oct 22 16:12:48 CDT 2009
Nathan Anderson wrote:
> If the user was matched against once of the LDAPs instead of the
> Global-Users FILE, then the situation is even worse since the reply
> will go to the client without ANY Service-Type attribute at all.
Oops, just read this and realized I'm wrong on this point, because ContinueUntilAccept will not allow the process to even reach the StripFromReply if Radiator gets a positive hit from one of the LDAP AuthBys. But that's neither here nor there since my first point still stands: for the AuthBy FILE/Global-Users section, StripFromReply gives me a different result from what I'm after, which is an AddToReplyIfNotExist function within the FILE (the former gives one Service-Type in the reply by removing the first one and using the last one, while the latter would preserve the first one and reject subsequent attributes with the same name).
I've actually started to delve a little into the Radiator code to see how easy it might be to implement something like this...we'll see how far I manage to get. :)
--
Nathan Anderson
First Step Internet, LLC
nathana at fsr.com
More information about the radiator
mailing list