ldap attribtes from accounting{} and acct_users/users files
Tariq Rashid
tariq.rashid at uk.easynet.net
Fri Oct 13 17:07:29 CEST 2006
I wonder if its possible to do ldap lookups when handling accounting (start) packets? This would likely mean adding an "ldap" entry to the accounting{} section of the radiusd.conf file.
At the moment I am calling an external script from the acct-users file usingg:
DEFAULT Acct-Status-Type == Start
Exec-Program = "/etc/freeradius/scripts/acct_start.py %{User-Name}"
but this is inefficient as i want to only start an external interpreter if an ldap attribiute is set to certain values. if the freeradius daemon, which holds open sessions to the ldap server, can re-use those connections during the accounting phase, and the acct-users file could restrict calling the external code based on those attributes ... something like:
DEFAULT Acct-Status-Type == Start, Ldap_Attribute == My_Specific_Value_1
Exec-Program = "/etc/freeradius/scripts/acct_start.py %{User-Name}"
DEFAULT Acct-Status-Type == Start, Ldap_Attribute == My_Specific_Value_2
Exec-Program = "/etc/freeradius/scripts/acct_start.py %{User-Name}"
i've not found anyone try this.
is it a bad idea to try to get the "rlm_ldap" module called from the accounting{} section? can the returned attributes be mapped or accessed such as {%ldap:Attribue_Name} or similar?
I'm prepared to do some development work to get this working - i know that when i last looked at freeradius 1.0.2 accessing ldap attributes from the users files was not possible.
any ideas or comments or pointers would be gratefully received
tariq
More information about the Freeradius-Users
mailing list