Hi Peter,<br><br>I have three plus years of experience in Free Radius and Cisco Access Registrar (AAA server) specialized on LDAP client and server side<br><br>I'm interested to do the work of LDAP accounting write-ups. I can be paid<br>
<br>My expectation and work completion would be in 10 days and $1000<br><br>Thanks,<br>Sakthi<br>+91 9032908542<br><br><div class="gmail_quote">On Thu, May 3, 2012 at 2:39 PM, Peter Lambrechtsen <span dir="ltr"><<a href="mailto:peter@crypt.co.nz" target="_blank">peter@crypt.co.nz</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello<br><br>I was wanting to know if someone would be interested in being paid to add "accounting" support into the RLM_LDAP module.<br>
<br>For this I am wanting when calling the ldap module during the "accounting" section so it can update/delete records in the LDAP directory based on the Acct-Status-Type and using a new field type into the ldap.attrmap. Ideally I would be looking for when you get an accounting Start it adds or updates an attribute, for an Interim-Update also add/update and for a Stop then removes the attribute.<br>
<br>In the ldap.attrmap the following ItemType should be extended to support both accounting start / interim update and stop verbs over and above the current checkItem/replyItem.<br><br>checkItem NAS-IP-Address radiusNASIpAddress<br>
replyItem Framed-IP-Address radiusIpAddress<br>acctStartItem NAS-Port-Id radiusNASPortId<br>acctIntUpdItem NAS-Port-Id radiusNASPortId<br>acctStopItem NAS-Port-Id radiusNASPortId<br>
<br>This would mean that when an accounting start packet came through the same LDAP Filter lookup used for the authenticate & authorize would be done for the customer record and query for the acctStartItem attributes if the accounting request had the matching VSA then the LDAP Module would do a LDAP replace attribute or if the attribute didn't exist do a ldap add attribute. The same applies for an Interim-Update and subsequently for a stop packet remove the attribute from the directory if it exists.<br>
The wrinkle with LDAP is you can't always do a LDAP add, you need to use replace if the attribute exists.<br><br>I've written this in Perl and it works reasonably well but it would be ideal to have this working inside ldap as then the custom perl code I wrote wouldn't be needed. Below is the perl i've written.<br>
<br> my $ldap = Net::LDAP->new ( "127.0.0.1" ) or die "$@";<br> my $mesg = $ldap->bind ( "cn=admin,o=admin", password => "password", version => 3 );<br> my $attrs = [ 'radiusNASPortId' ];<br>
my $result = $ldap->search ( base => "o=Identities", scope => "sub",<br> filter => "(radiusRemoteID=$RAD_REQUEST{'ADSL-Agent-Remote-Id'})",<br>
attrs => $attrs );<br> my $attrcount = $result->count;<br> if ($result->count > 0) {<br> my @entries = $result->entries;<br> my $userdn = @entries[0]->dn;<br>
my $sessionfound = @entries[0]->exists('radiusNASPortId');<br> if ( $RAD_REQUEST{'Acct-Status-Type'} =~ "Start" ) {<br> if ( @entries[0]->exists('radiusNASPortId') ) {<br>
my $newresult = $ldap->modify($userdn , replace => { 'radiusNASPortId' => "$RAD_REQUEST{'NAS-Port-Id'}" } );<br> } else {<br> my $newresult = $ldap->modify($userdn , add => { 'radiusNASPortId' => "$RAD_REQUEST{'NAS-Port-Id'}" } );<br>
}<br> }<br> if ( $RAD_REQUEST{'Acct-Status-Type'} =~ "Stop" ) {<br> if ( @entries[0]->exists('radiusNASPortId') ) {<br> my $newresult = $ldap->modify($userdn , delete => { 'radiusNASPortId' => [] } );<br>
}<br> }<br> }<br><br>To get someone who is familiar with the freeradius code base and can write code which would be acceptable to be committed back into the mainline FR codebase as this should be code contributed back to the community. <br>
<br>How much development effort would be required (x days?) and who would be interested in being paid (and how much) to do the work?<br><br>Feel free to email me directly off list if you're interested.<br><br>Cheers<span class="HOEnZb"><font color="#888888"><br>
<br>Peter<br>
</font></span><br>-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/devel.html" target="_blank">http://www.freeradius.org/list/devel.html</a><br></blockquote></div><br>