Re: (RADIATOR) @ in usernames, NoDefault not working
Mike McCauley writes: > The message you see is an unfiortunate side effect of some recent changes to > AuthBy LDAP2. Those changes will be backed out in the next release. IN the > meantime, you can fix this by commenting out this line in AuthLDAP2.pm: > > #$filter = eval qq/"$filter"/; # Interpolate perl vars > > Hope that helps. Aaah, indeed this fixes the "@" problem. Thanks to you and Hugh for your help! Robert === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) @ in usernames, NoDefault not working
Hello Julio, The message you see is an unfiortunate side effect of some recent changes to AuthBy LDAP2. Those changes will be backed out in the next release. IN the meantime, you can fix this by commenting out this line in AuthLDAP2.pm: #$filter = eval qq/"$filter"/; # Interpolate perl vars Hope that helps. Cheers. On Apr 9, 8:50am, [EMAIL PROTECTED] wrote: > Subject: RE: (RADIATOR) @ in usernames, NoDefault not working > hi all, > > we upgraded from 2.17.1 to 2.18 and no changes in .cfg file. > We use Authby LDAP2 too and we receive the message: > >Global symbol "@domain" requires explicit package name at (eval 238) line > 1. > > This message did not appear before. To 'hide' it, we use SearchFilter and it > works. > > Any comments about it will be wellcome > > regards, > jules > > -Mensaje original- > De: Hugh Irvine [mailto:[EMAIL PROTECTED]] > Enviado el: viernes 6 de abril de 2001 7:46 > Para: Robert Kiessling; [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Asunto: Re: (RADIATOR) @ in usernames, NoDefault not working > > > > Hello Robert - > > I have also copied this mail to Mike for his comments. > > On Friday 06 April 2001 07:32, Robert Kiessling wrote: > > Hi, > > > > with Radiator-2.18 and Perl 5.005_03, authenticating using AuthLDAP2, > > I see two problems. > > > > First, I get the following error message if the username in the > > authentication request contains an `@': > > > > Global symbol "@easynet" requires explicit package name at (eval 238) > > line 1. > > > > A workaround is to add > > > > RewriteUsername s/\@/\\\@/ > > > > but surely this is not the expected behaviour? > > > > I am sure it is not - Mike? > > > Second, NoDefault and NoDefaultIfFound do not seem to work. Even > > though set, the LDAP server is still queried for DEFAULT if either the > > user was not found in LDAP or the password ist wrong. > > > > Both of these are AuthBy parameters and should be included within the AuthBy > > definition, not in the surrounding Realm. > > > And while I'm writing, are there plans to support failover from one > > LDAP server to another, instead of not replying to the query? > > > > You can set up multiple AuthBy clauses, with each one pointing at a > different > LDAP server. Then you would chain them together with an AuthByPolicy. > > > Identifier CheckLDAPserver1 > Hostlocalhost > AuthDN > AuthPassword > HoldServerConnection > BaseDN o=easynet.net > UsernameAttruid > PasswordAttruserPassword > SearchFilter(&(uid=%1)(status=ACTIVE)(services=DIAL)) > NoDefault > NoDefaultIfFound > > > > Identifier CheckLDAPserver2 > Hostotherhost > AuthDN > AuthPassword > HoldServerConnection > BaseDN o=easynet.net > UsernameAttruid > PasswordAttruserPassword > SearchFilter(&(uid=%1)(status=ACTIVE)(services=DIAL)) > NoDefault > NoDefaultIfFound > > > > AuthByPolicy ContinueUntilAccept > AuthBy CheckLDAPserver1 > AuthBy CheckLDAPserver2 > > > > hth > > Hugh > > -- > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. > - > Nets: internetwork inventory and management - graphical, extensible, > flexible with hardware, software, platform and database independence. > > === > Archive at http://www.starport.net/~radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. > ** > Noticia legal > Este mensaje electrónico contiene información de BT Telecomunicaciones S.A. > que es privada y confidencial, siendo para el uso exclusivo de la persona > (s) o entidades arriba mencionadas. Si usted no es el destinatario señalado, > le informamos que cualquier divulgación, copia, distribución o uso de los > contenidos está prohibida. Si usted ha recibido este mensaje por error, por > favor borre su contenido y comuníquenoslo en la dirección [EMAIL PROTECTED] > Gracia
RE: (RADIATOR) @ in usernames, NoDefault not working
hi all, we upgraded from 2.17.1 to 2.18 and no changes in .cfg file. We use Authby LDAP2 too and we receive the message: Global symbol "@domain" requires explicit package name at (eval 238) line 1. This message did not appear before. To 'hide' it, we use SearchFilter and it works. Any comments about it will be wellcome regards, jules -Mensaje original- De: Hugh Irvine [mailto:[EMAIL PROTECTED]] Enviado el: viernes 6 de abril de 2001 7:46 Para: Robert Kiessling; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Asunto: Re: (RADIATOR) @ in usernames, NoDefault not working Hello Robert - I have also copied this mail to Mike for his comments. On Friday 06 April 2001 07:32, Robert Kiessling wrote: > Hi, > > with Radiator-2.18 and Perl 5.005_03, authenticating using AuthLDAP2, > I see two problems. > > First, I get the following error message if the username in the > authentication request contains an `@': > > Global symbol "@easynet" requires explicit package name at (eval 238) > line 1. > > A workaround is to add > > RewriteUsername s/\@/\\\@/ > > but surely this is not the expected behaviour? > I am sure it is not - Mike? > Second, NoDefault and NoDefaultIfFound do not seem to work. Even > though set, the LDAP server is still queried for DEFAULT if either the > user was not found in LDAP or the password ist wrong. > Both of these are AuthBy parameters and should be included within the AuthBy definition, not in the surrounding Realm. > And while I'm writing, are there plans to support failover from one > LDAP server to another, instead of not replying to the query? > You can set up multiple AuthBy clauses, with each one pointing at a different LDAP server. Then you would chain them together with an AuthByPolicy. Identifier CheckLDAPserver1 Hostlocalhost AuthDN AuthPassword HoldServerConnection BaseDN o=easynet.net UsernameAttruid PasswordAttruserPassword SearchFilter(&(uid=%1)(status=ACTIVE)(services=DIAL)) NoDefault NoDefaultIfFound Identifier CheckLDAPserver2 Hostotherhost AuthDN AuthPassword HoldServerConnection BaseDN o=easynet.net UsernameAttruid PasswordAttruserPassword SearchFilter(&(uid=%1)(status=ACTIVE)(services=DIAL)) NoDefault NoDefaultIfFound AuthByPolicy ContinueUntilAccept AuthBy CheckLDAPserver1 AuthBy CheckLDAPserver2 hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. ** Noticia legal Este mensaje electrónico contiene información de BT Telecomunicaciones S.A. que es privada y confidencial, siendo para el uso exclusivo de la persona (s) o entidades arriba mencionadas. Si usted no es el destinatario señalado, le informamos que cualquier divulgación, copia, distribución o uso de los contenidos está prohibida. Si usted ha recibido este mensaje por error, por favor borre su contenido y comuníquenoslo en la dirección [EMAIL PROTECTED] Gracias. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) @ in usernames, NoDefault not working
Hello Robert - I have also copied this mail to Mike for his comments. On Friday 06 April 2001 07:32, Robert Kiessling wrote: > Hi, > > with Radiator-2.18 and Perl 5.005_03, authenticating using AuthLDAP2, > I see two problems. > > First, I get the following error message if the username in the > authentication request contains an `@': > > Global symbol "@easynet" requires explicit package name at (eval 238) > line 1. > > A workaround is to add > > RewriteUsername s/\@/\\\@/ > > but surely this is not the expected behaviour? > I am sure it is not - Mike? > Second, NoDefault and NoDefaultIfFound do not seem to work. Even > though set, the LDAP server is still queried for DEFAULT if either the > user was not found in LDAP or the password ist wrong. > Both of these are AuthBy parameters and should be included within the AuthBy definition, not in the surrounding Realm. > And while I'm writing, are there plans to support failover from one > LDAP server to another, instead of not replying to the query? > You can set up multiple AuthBy clauses, with each one pointing at a different LDAP server. Then you would chain them together with an AuthByPolicy. Identifier CheckLDAPserver1 Hostlocalhost AuthDN AuthPassword HoldServerConnection BaseDN o=easynet.net UsernameAttruid PasswordAttruserPassword SearchFilter(&(uid=%1)(status=ACTIVE)(services=DIAL)) NoDefault NoDefaultIfFound Identifier CheckLDAPserver2 Hostotherhost AuthDN AuthPassword HoldServerConnection BaseDN o=easynet.net UsernameAttruid PasswordAttruserPassword SearchFilter(&(uid=%1)(status=ACTIVE)(services=DIAL)) NoDefault NoDefaultIfFound AuthByPolicy ContinueUntilAccept AuthBy CheckLDAPserver1 AuthBy CheckLDAPserver2 hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
