* Tore Anderson > I want to implement a setup where FreeRADIUS uses LDAP as the > primary authentication back-end. However, if an LDAP attribute > named radiusProxy (or similar) is returned, I want to proxy the > request to the host found described in that attribute.
* Alan DeKok > Edit raddb/ldap.attrmap. Map "radiusProxy" to the FreeRADIUS > attribure "Proxy-To-Realm". Thanks for your reply. Your suggestion is good, but as far as I understand I still need to manually enter the realms in proxy.conf. Which is what I'm trying to avoid, in order to keep the RADIUS server itself as static as possible in order to prevent breakage from typos, etc. (My client has uptime demands from Hell itself..) Perhaps I can patch in something that makes the values of the DEFAULT realm be dynamically looked for in LDAP based on the realm name. Would probably require two LDAP lookups per each such request, but that's acceptable, I think. -- Tore Anderson - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
