New LDAP module in "master"

Arran Cudbard-Bell a.cudbardb at freeradius.org
Tue Nov 13 21:14:27 CET 2012


On 13 Nov 2012, at 20:02, Peter Lambrechtsen <peter at crypt.co.nz> wrote:

> Alan
> 
> We use the eDir module within FreeRadius quite heavily so wouldn't want to loose that functionality.
> 
> If you have a RHEL (or Centos), SLES or Solaris instance then it's pretty straight forward how to test if the eDirectory Universal Password functionality is functional or not.  You can easily download eDirectory from download.novell.com and I can help with the few steps required to get a working instance after that.

Ok.

> the ldap.attrmap is also quite useful externalised as a separate file rather than being part of the specific LDAP module configuration.  In our case we run multiple instances of the LDAP Module depending on the path you took to get to the FreeRadius instance.  Some of these paths have the same LDAP -> VSA Attribute mapping but have different LDAP Servers and Base DN/Filters we search on, others have slightly different ones.  So we reference the same ldap.attrmap against different module instances.
> Not a biggie either way as we would just duplicate the mapping across the different instances, but I can see the rationale from having everything inside the single module configuration file.

The current mappings file doesn't follow any of the conventions of the server, it uses outdated list names and its confusing for new users. It makes much more sense to use one of the schemes previously discussed in another thread, and if you want to use the same mappings with multiple files, then you can move them to an external file and $INCLUDE that.

-Arran


More information about the Freeradius-Devel mailing list