Re: Logging the return code from the ldap authentication to SQL.

2009-03-23 Thread Alexander Clouter
Alan DeKok al...@deployingradius.com wrote: Augusto G. Andreollo wrote: Hmm.. thing is, the post-auth sql query is already being processed, to log the Access-Reject.. Yes.. I know. But the return code from the LDAP module in the *authorize* section is lost by then. Is there any other

Re: Logging the return code from the ldap authentication to SQL.

2009-03-17 Thread Alan DeKok
Augusto G. Andreollo wrote: I must've been doing something wrong.. When I erased everything and retyped it again, it's now returning OK as given. Weird... OK My problem now is that it only returns correctly when the module returns OK. If the LDAP returns anything else (fail, rejected,

Re: Logging the return code from the ldap authentication to SQL.

2009-03-17 Thread Augusto G. Andreollo
On Tue, 2009-03-17 at 10:11 +0100, Alan DeKok wrote: My problem now is that it only returns correctly when the module returns OK. If the LDAP returns anything else (fail, rejected, notfound), it just completely skips over the IFs block and goes straight to Post-Auth. Is that expected?

Re: Logging the return code from the ldap authentication to SQL.

2009-03-17 Thread Alan DeKok
Augusto G. Andreollo wrote: Hmm.. thing is, the post-auth sql query is already being processed, to log the Access-Reject.. Yes.. I know. But the return code from the LDAP module in the *authorize* section is lost by then. Is there any other way I could extract the rejection reason from

Re: Logging the return code from the ldap authentication to SQL.

2009-03-16 Thread Alan DeKok
Augusto G. Andreollo wrote: I have the need to log the return code from the LDAP authentication to our database (I'm adding it to the postauth table scheme). I wouldn't suggest doing that for EVERY packet. Why do you think it's necessary? I've already modified the database scheme (ok), the

Re: Logging the return code from the ldap authentication to SQL.

2009-03-16 Thread A . L . M . Buxey
Hi, if (rejected) { are you sure sucha return code is available and comparable in such a way? looks like 'rejected' got matched...possibly because the check went okay - a value of 0 - rejected isnt defined...has a value of 0 too? just a guess!

Re: Logging the return code from the ldap authentication to SQL.

2009-03-16 Thread Augusto G. Andreollo
On Mon, 2009-03-16 at 16:13 +0100, Alan DeKok wrote: Augusto G. Andreollo wrote: My problem now is getting the return code into the variable, according to the LDAP module results. It looks like it's working. What's the problem? (and then it goes on to successfuly add the string

Re: Logging the return code from the ldap authentication to SQL.

2009-03-16 Thread Augusto G. Andreollo
Ok, updating on my progress: On Mon, 2009-03-16 at 14:28 -0300, Augusto G. Andreollo wrote: On Mon, 2009-03-16 at 16:13 +0100, Alan DeKok wrote: Augusto G. Andreollo wrote: My problem now is getting the return code into the variable, according to the LDAP module results. It