ldap attributes from accounting{} and acct_users/users files

Tariq Rashid tariq.rashid at uk.easynet.net
Fri Oct 13 17:07:29 CEST 2006

I wonder if it's possible to do ldap lookups when handling accounting (start) packets? This would likely mean adding an "ldap" entry to the accounting{} section of the radiusd.conf file.

At the moment I am calling an external script from the acct-users file using:

	DEFAULT Acct-Status-Type == Start
	    Exec-Program = "/etc/freeradius/scripts/acct_start.py %{User-Name}"

But this is inefficient, as I want to only start an external interpreter if an ldap attribute is set to certain values. If the freeradius daemon, which holds open sessions to the ldap server, can re-use those connections during the accounting phase, and the acct-users file could restrict calling the external code based on those attributes ... something like:

	DEFAULT Acct-Status-Type == Start, Ldap_Attribute == My_Specific_Value_1
	    Exec-Program = "/etc/freeradius/scripts/acct_start.py %{User-Name}"

	DEFAULT Acct-Status-Type == Start, Ldap_Attribute == My_Specific_Value_2
	    Exec-Program = "/etc/freeradius/scripts/acct_start.py %{User-Name}"

I've not found anyone who has tried this.

Is it a bad idea to try to get the "rlm_ldap" module called from the accounting{} section? Can the returned attributes be mapped or accessed such as {%ldap:Attribute_Name} or similar?

I'm prepared to do some development work to get this working - I know that when I last looked at freeradius 1.0.2, accessing ldap attributes from the users files was not possible.

Any ideas or comments or pointers would be gratefully received.


