sven at svenhartge.de
Wed May 2 17:44:01 CEST 2012
Alan DeKok wrote in gmane.comp.freeradius.devel:
> 2) authentication. The "bind as user" code is simple. But what's with
> the "perform_search" and "filter" stuff? Why not use have a statically
> configured user DN?
> I'd like to avoid some of the complexity of the current code.
> So is the user DN really some arbitrarily changing value? Do you
> really have to search over the entire DB for "uid=username" in order to
> find the user?
Yes, you have, because you cannot know the whole DN before you search
for the object in question.
Consider the following tree layout:
A static DN would not be enough the find all users.
To make things worse: the DN may not contain the username at all, like
So you _have_ to first search and filter, then use the gathered DN to
either bind() or collect the password. There is no way around.
Sigmentation fault. Core dumped.
More information about the Freeradius-Devel