[RADIATOR] AuthBy FILE + IfNotExist and/or maintaining Access response
Alexander Hartmaier
alexander.hartmaier at t-systems.at
Fri Oct 23 06:50:29 CDT 2009
As far as I remember the rewrite rules are executed before all AuthBy's
regardless of where in the Handler you place them.
The same might be the case for StripFromReply too...
Am Donnerstag, den 22.10.2009, 23:12 +0200 schrieb Nathan Anderson:
> Nathan Anderson wrote:
>
> > If the user was matched against once of the LDAPs instead of the
> > Global-Users FILE, then the situation is even worse since the reply
> > will go to the client without ANY Service-Type attribute at all.
>
> Oops, just read this and realized I'm wrong on this point, because ContinueUntilAccept will not allow the process to even reach the StripFromReply if Radiator gets a positive hit from one of the LDAP AuthBys. But that's neither here nor there since my first point still stands: for the AuthBy FILE/Global-Users section, StripFromReply gives me a different result from what I'm after, which is an AddToReplyIfNotExist function within the FILE (the former gives one Service-Type in the reply by removing the first one and using the last one, while the latter would preserve the first one and reject subsequent attributes with the same name).
>
> I've actually started to delve a little into the Radiator code to see how easy it might be to implement something like this...we'll see how far I manage to get. :)
--
best regards, Alex
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
More information about the radiator
mailing list