Re: FreeRADIUS + OpenLDAP for accounting
Peter Micunek wrote:
The proxy cannot speak to an SQL server.
Then it's very poor software, and my advice would be to look elsewhere.
Do you know some LDAP-SQL proxy which listen on LDAP server port and
convert LDAP request to SQL and vice versa.
OpenLDAP will do this, but it's not suitable for your needs (see below)
Also, I am considering to use:
NAS ---> FreeRADIUS (rlm_sql_mysql) ---> MySQL DB <---> OpenLDAP with
slapd-sql <---> LDAP client
what do you think about this?
I am not an OpenLDAP expert any more, but the last time I investigated
this you could not modify the SQL database "underneath" slapd-sql
because of the servers caching. You had to make modifications via LDAP.
If you really need FreeRadius accounting to perform an
ldapadd/ldapmodify I suggest you use Exec-Program in the "acct_users"
file, but be prepared for it to go slowly and break a lot.
regards,
Peter Micunek
On 2/3/07, *Phil Mayers* <p.mayers@imperial.ac.uk
<mailto:p.mayers@imperial.ac.uk>> wrote:
Peter Micunek wrote:
> A problem is that this proxy know IP address of customer instead of
> MSISDN and unfortunately cannot use a RADIUS to
> obtain the MSISDN from another source. This proxy is able to use only
> the LDAP request with IP of customer and then
FreeRadius can't write to (account to) an LDAP directory.
It's a fundamentally bad idea to do lots of writes to LDAP. Most LDAP
servers are heavily read-optimised - not write.
Can the proxy speak to an SQL server?
If not, you could use an Exec-Program attribute in the "acct_users"
file
to run "ldapmodify"
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
------------------------------------------------------------------------
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
This archive was generated by a fusion of
Pipermail (Mailman edition) and
MHonArc.