On Thu, 20 Jan 2005, Tore Anderson wrote:

* Tore Anderson

>  I want to implement a setup where FreeRADIUS uses LDAP as the
> primary authentication back-end.  However, if an LDAP attribute
> named radiusProxy (or similar) is returned, I want to proxy the
> request to the host found described in that attribute.

* Alan DeKok

>   Edit raddb/ldap.attrmap.  Map "radiusProxy" to the FreeRADIUS
> attribute "Proxy-To-Realm".

 Thanks for your reply.  Your suggestion is good, but as far as I
understand I still need to manually enter the realms in proxy.conf.
Which is what I'm trying to avoid, in order to keep the RADIUS server
itself as static as possible in order to prevent breakage from typos,
etc.  (My client has uptime demands from Hell itself..)

 Perhaps I can patch in something that makes the values of the DEFAULT
realm be dynamically looked for in LDAP based on the realm name.  Would
probably require two LDAP lookups per each such request, but that's
acceptable, I think.

Your best bet is to extend rlm_ldap to also be able to read proxy entries from ldap on startup. That does involve some code work though.



-- Tore Anderson

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-- Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
