Alan DeKok a écrit : > Guillaume Rousse wrote: >> It does. But clarification between what's old and what's new syntax >> doesn't harm. > > The new syntax is documented, and is preferred. If you try the old > one (undocumented and deprecated), it works. What needs clarification? It is not documented in the rlm_ldap file shipped in top-level directory (at least for release 2.0.0). The fact that there is a huge redundancy between this file and comments in default configuration files doesn't help maintaining a reference documentation.
>> Right, but that seems to be only a syntax difference, refering to a >> named instance of the LDAP module. One would expect the code to be more >> robust, or at least the problem documented somewhere. > > It is very difficult to determine what is *supposed* to happen inside > of an authentication section. if you have suggestions for how to make > that determination, I'm interested. No, especially as I got no clue about freeradius internals. > And the problem is documented: the debug log prints out a warning > message, as you saw. > >> If I understand correctly, there no way to help the rlm_module >> understand I'm using it for autentication, as I use a complex synta, so >> I have to set it up explicitely, right ? > > Yes. > >> In this case, I think this >> deserve some explanation in the rlm_ldap documentation, such as: >> "Warning, if the LDAP module is not directly referenced to in >> authentication section, such as a failover configuration using named >> aliases, this setting will be disabled". > > The same problem applies to other modules, so it needs to be > documented in one place. Indeed. -- Guillaume Rousse Moyens Informatiques - INRIA Futurs Tel: 01 69 35 69 62 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html