I currently have a working system which authenticates users using a LDAP (eDirectory) backend. The authentication process is speedy quick! (between 0-11 ms) However, I also have a need to return attributes based on group membership. This part of the process is very slow (upwards of 6500ms) The reason it is slow is that it has to query every group and check for membership. (The reason it has to be done this way is that I am using dynamic groups a which do not populate an attribute in the user)
Long story short, I found an acceptable solution where I have a script that routinely create a new users file. Everything works perfect and very quick (< 60 ms), however I did find a problem. When FreeRadius checks the user file it is case sensitive. So while LDAP does care whether I type in BoBUser or bobuser, it matters to the USERS file. And since I have no control over how stupid my end-users are much less how they try in their username, this is a big problem! * I first tried tried lower_case=yes/before: This was useless and did absolutely nothing! * I then tried Case Insensitive Regular Expressions =~ /blahblah/i Again a freaking nightmare. Apparently the =~ is a match for everything it compares! * I had the best luck with attr_rewrite and using an %{exec:/bin/homemadelowerfunction } While this did in fact convert/replace the user name to lowercase, it also added quotes and a trailing space!!! (i.e. BOBUSER becomes "bobuser" ) I have spent the day searching the internet for a solution, but Nothing. I refuse to believe I am the first human being ever to run into this problem... Please tell me someone has an idea. Thanks Bob - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html