El 13 Mar 2001, a las 10:02, Hugh Irvine escribió:
>
> Hello Julio -
>
> On Monday 12 March 2001 23:47, [EMAIL PROTECTED] wrote:
> > hi all,
> >
> > in our scenario, Radiator do Auth by LDAP. So we are provisioning to the
> > LDAP the type of connections allowed per user. For example:
> >
> > user@domain
> > typeofconnection: Async
> > typeofconnection: Sync
> > typeofconnection: ISDN-Async
> > typeofconnection: ISDN-Sync
> >
> > In this way, the LDAP attribute "typeofconnection" contains all the types
> > of connection allowed, and this attribute is multi-valued.
> >
> > In our config file (Radiator) we do an AuthLDAP2 and we check NAS-Port-Type
> > and "typeofconnection". The problem appears because 'checking' seems to get
> > only the first value of the multi-value-attribute
> >
> > "Async Sync ISDN-Async ..."
> >
> > and in this example, only Async connections will be allowed.
> >
> > Does exist any way to check NAS-Port-Type and a LDAP multi-value attribute
> > in a blank-separated-basis-values ?
> >
>
> No, there isn't anything like that currently, so the only thing I can suggest
> is a PreAuthHook or a custom AuthBy clause to do the required processing.
>
> I have also been trying to think of a way to do this in a generalised
> fashion, but I can't think of a solution. If anyone has any ideas I would be
> happy to hear them.
Interesting thing... I might need it in the future...
As Ingvar Berg noted in a recent message, there might be performance
penalties when searching non-indexed attributes... OTOH, you can index
also this particular attribute, just for performance sake (at least
OpenLDAP lets me do it).
But, as a "generalised" solution proposal:
what about an extension to the AuthAttrDef syntax adding a "check-
multiple" type?... the corresponding line in Julio's radius.cfg would be:
AuthAttrDef typeofconnection,NAS-Port-Type,check-multiple
I didn't read the source code, so I don't know if this is simple,
complicated or definitively ridiculous, but it looks to me as a "general"
approach to the problem.
Just my 2c.
>
> regards
>
> Hugh
>
--
Mariano Absatz
El Baby
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
