rlm_ldap ignores password_radius_attribute

John Dennis jdennis at redhat.com
Mon Apr 26 19:20:09 CEST 2010


On 04/26/2010 12:31 PM, Alan DeKok wrote:
> Alexander Clouter wrote:
>> Hi,
>>
>> Looks like the rlm_ldap module ignores 'password_radius_attribute'[1] so
>> something like the following completely untested patch is needed.  The
>> Novhell eDirectory code probably needs tweaking also to honour this
>> variable, or alternatively remove 'password_radius_attribute' altogether
>
>    That would be the preferable choice.
>
>    Nearly *all* of the "special" handling of passwords in rlm_ldap should
> be deleted.  The "ldap.attrmap" file should be used instead.
>
>    As of 2.1.x, the only reason that rlm_ldap treats passwords as
> "special" is for historical reasons.

Yeah, rlm_ldap needs some clean up.

FWIW, I have patches lying around that add both SASL & Kerberos 
authentication to the LDAP server and add support for keeping the NAS 
client list in LDAP (much like rlm_sql does).

If I can get some free cycles I'll help clean up rlm_ldap and add 
some new functionality to it.

-- 
John Dennis <jdennis at redhat.com>




More information about the Freeradius-Devel mailing list