> 
> ...where the three ldap instances above are identical except the filter which is:
> 
> ldap_macauth:
>    filter = "(&(macAddress=%{Calling-Station-Id})(radiusNASIpAddress=%{NAS-IP-Address})(radiusHint=%{NAS-Port}))"
> ldap_macauth_NAS_only:
>    filter = "(&(macAddress=%{Calling-Station-Id})(radiusNASIpAddress=%{NAS-IP-Address}))"
> ldap_macauth_mobility:
>    filter = "(macAddress=%{Calling-Station-Id})"

No. It's a really inefficient way of doing this.

Use generic attribute maps or an update ldap schema to pull the necessary values into control attributes, and then do the comparison in policy language. Otherwise you end up doing multiple LDAP queries, which are extremely slow compared to anything else you're doing in the policy.

Arran Cudbard-Bell <a.cudba...@freeradius.org>
FreeRADIUS Development Team

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
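
A sketch of the single-query approach described in the reply, added here as an example; it is not configuration from the original thread or from the FreeRADIUS project. Assumptions: FreeRADIUS 3.x `ldap` module syntax, one LDAP entry per MAC address, `Tmp-String-0`/`Tmp-String-1`/`Tmp-String-2` used as stand-in control attributes, and the match-level labels are invented for illustration.

```unlang
# mods-available/ldap: one instance, searched by MAC address only.
ldap ldap_macauth {
    # server, identity, password, base_dn: as in the existing instances
    user {
        base_dn = "${..base_dn}"
        filter = "(macAddress=%{Calling-Station-Id})"
    }
    update {
        # Pull the values the other two filters tested into control
        # attributes (Tmp-String-0/1 are stand-ins for this example).
        control:Tmp-String-0 := 'radiusNASIpAddress'
        control:Tmp-String-1 := 'radiusHint'
    }
}

# Virtual server: a single LDAP query, then comparison in policy language.
authorize {
    ldap_macauth
    if (notfound) {
        # MAC address is not in the directory at all
        reject
    }

    # Weakest result first: only the MAC matched (the "mobility" filter).
    update control {
        Tmp-String-2 := "mac-only"
    }

    # Require the LDAP value to exist before comparing, so that two empty
    # expansions ("" == "") can never be treated as a match.
    if (&control:Tmp-String-0 && ("%{control:Tmp-String-0}" == "%{NAS-IP-Address}")) {
        update control {
            Tmp-String-2 := "mac+nas"
        }
        if (&control:Tmp-String-1 && ("%{control:Tmp-String-1}" == "%{NAS-Port}")) {
            update control {
                Tmp-String-2 := "mac+nas+port"
            }
        }
    }
    # Later policy can branch on control:Tmp-String-2 instead of running
    # ldap_macauth_NAS_only and ldap_macauth_mobility as extra queries.
}
```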
