On Wed, Feb 23, 2005 at 08:22:21AM +1100, Michael Mitchell wrote:
> From: Michael Mitchell <[EMAIL PROTECTED]>
> To: freeradius-users@lists.freeradius.org
> Subject: Re: Grouping accounts
> Date: Wed, 23 Feb 2005 08:22:21 +1100
>
> I'm not sure that Steven ever mentioned that his user database is ldap
> (perhaps Steven could clarify this for us?)??

PostgreSQL.

> But for what is it worth we use a very similar scheme as described by
> Dustin below. For us however, our billing system is the authoritative
> database, and LDAP is only used for authentication. The billing system
> automagically knows which "service records" belong to each account in
> the database. It aids itself in this process by adding an account id
> attribute to each of the user's service records in LDAP.
>
> If you get your LDAP tree right, you don't even need two instances of
> the ldap module. We do this:
>
> ldap {
>     basedn = "ou=%{Huntgroup-Name},dc=yourdomain"
> }
>
> which works really nicely, as long as you keep your huntgroups up to
> date ;-)
>
> I'm sure you could do a very similar thing with sql - have an "Account"
> table for billing purposes, and a "Service" table for authentication
> purposes, with each service linked back to the "Account" via an "Account
> ID".
>
> You may have to play with the accounting queries in the sql module
> configuration a little if you want the accounting records to reference
> the "Account ID"...

I've been talking to the boss and one of the Perl programmers.
Apparently we're going to do it using FreeRadius/Perl/PostgreSQL. I
thought LDAP was the way to go, but I was wrong.

Steven.