Hi Joost,
we have rolled in the changes sent by Steven (with some minor mods), and I have
attached the new AuthLDAP.pm that will be in the next release.
You can use it to specify any number of LDAP attributes and how they map into
check and reply items:
AuthAttrDef ldapattribute,Radius-Attribute,type
eg:
AuthAttrDef servicetype,Service-Type,check
AuthAttrDef address,Framed-IP-Address,reply
Please let us know how it goes.
Thanks to Steven Ames for contributing the code.
Cheers.
On Nov 4, 4:29pm, Joost Stegeman wrote:
> Subject: Re: (RADIATOR) LDAP Request
> Hugh,
>
> I'm not sure your suggestion to define multiple CheckAttr and ReplyAttr fields
> in the LDAP config works in Radiator 2.14.1. It doesn't work in 2.11 for sure.
> Maybe you mean that multiple attribute values in the LDAP directory are
> concatenated with commas?
>
> from AuthLDAP.pm, line 274:
>
>     elsif ($attr eq lc $self->{CheckAttr})
>     {
>         # This is the attribute with check items in it
>         $user->get_check->parse(join ',', @vals);
>     }
>     elsif ($attr eq lc $self->{ReplyAttr})
>     {
>         # This is the attribute with reply items in it
>         $user->get_reply->parse(join ',', @vals);
>     }
>
> Here I see the $attr's from the LDAP query being checked against a single value
> in the configuration tree. This, and my tests with 2.11, lead me to believe
> your suggestion is not correct. I really like the idea from Steven Ames, who
> built some patches which make the configuration much like the SQL
> configuration.
>
> Any other thoughts? Am I wrong?
>
> - Joost.
>
> >
> > Hello Steven -
> >
> > On Fri, 29 Oct 1999, Steven Ames wrote:
> > > Would it be possible to modify the AuthLDAP modules so that instead
> > > of (or in addition to to maintain backward compatibility) having
> > > a single attribute that holds all of the reply items we can instead
> > > set things up more like the SQL modules?
> > >
> > > What I mean is under SQL you can do things like:
> > >
> > > AuthColumnDef 2, Session-Timeout, reply
> > >
> > > saying that the column 2 attribute is a reply item and should be
> > > combined with 'Session-Timeout' to create 'Session-Timeout = X'.
> > >
> > > Under LDAP the same thing could apply:
> > >
> > > LDAPAttribute, netmask, Framed-IP-Netmask, reply
> > >
> > > stating that there is an LDAP attribute called 'netmask' which should
> > > be used as the value for the reply string 'Framed-IP-Netmask'.
> > >
> > > That'd make things so much cleaner in my LDAP databases.... ditto with
> > > check items :)
> > >
> >
> > You can already do this simply by putting multiple CheckAttr and ReplyAttr
> > lines in your configuration file. The only caveat is that each LDAP field
> > must contain the complete attribute=value pair.
> >
> > <Handler ....>
> >     <AuthBy LDAP>
> >         ....
> >         CheckAttr ServiceType      # contains Service-Type = Framed-User
> >         CheckAttr ....
> >         ReplyAttr ServiceType      # contains Service-Type = Framed-User
> >         ReplyAttr FramedIPAddress  # Framed-IP-Address = x.x.x.x
> >         ReplyAttr FramedIPNetmask  # Framed-IP-Netmask = y.y.y.y
> >         ReplyAttr ....
> >         ....
> >     </AuthBy>
> > </Handler>
> >
> > See Section 6.30.10 and 6.30.11 in the Radiator 2.14.1 reference manual.
> >
> > hth
> >
> > Hugh
> >
>
>-- End of excerpt from Joost Stegeman
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
AuthLDAP.pm
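
The AuthAttrDef mapping described in the message above, as an added sketch that is not part of the original message and is not the code in Radiator's AuthLDAP.pm. The function names parse_attr_defs and map_entry and the sample LDAP entry are hypothetical; the point shown is that the RADIUS attribute name and its check/reply role are fixed by the configuration, while the directory supplies only the value.

```perl
use strict;
use warnings;

# Parse "AuthAttrDef ldapattribute,Radius-Attribute,type" lines into a map
# keyed by lower-cased LDAP attribute name (LDAP names are case-insensitive).
# Any type other than check or reply is rejected rather than guessed at.
sub parse_attr_defs {
    my %defs;
    for my $line (@_) {
        my ($ldap, $radius, $type) =
            $line =~ /^\s*AuthAttrDef\s+([^,\s]+)\s*,\s*([^,\s]+)\s*,\s*(\w+)\s*$/
            or die "malformed AuthAttrDef: $line\n";
        $type = lc $type;
        die "unknown item type '$type' in: $line\n"
            unless $type eq 'check' || $type eq 'reply';
        push @{ $defs{lc $ldap} }, { radius => $radius, type => $type };
    }
    return \%defs;
}

# Apply the map to one LDAP entry (attribute name => array ref of values).
# The directory value is used only as the value of the configured RADIUS
# attribute; LDAP attributes with no AuthAttrDef are ignored.
sub map_entry {
    my ($defs, $entry) = @_;
    my %items = (check => [], reply => []);
    for my $attr (sort keys %$entry) {
        my $mappings = $defs->{lc $attr} or next;
        for my $def (@$mappings) {
            push @{ $items{ $def->{type} } },
                map { [ $def->{radius}, $_ ] } @{ $entry->{$attr} };
        }
    }
    return \%items;
}

# Constructed sample: the two definitions from the message, and a made-up entry.
my $defs = parse_attr_defs(
    'AuthAttrDef servicetype,Service-Type,check',
    'AuthAttrDef address,Framed-IP-Address,reply',
);
my $entry = {
    serviceType => ['Framed-User'],
    address     => ['192.0.2.10'],
    description => ['dial-up account'],    # no AuthAttrDef, so ignored
};
my $items = map_entry($defs, $entry);
for my $type (qw(check reply)) {
    printf "%-5s %s = %s\n", $type, @$_ for @{ $items->{$type} };
}
```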