Logging the return code from the ldap authentication to SQL.
Alexander Clouter
alex at digriz.org.uk
Mon Mar 23 22:06:46 CET 2009
Alan DeKok <aland at deployingradius.com> wrote:
>
> Augusto G. Andreollo wrote:
>> Hmm.. thing is, the post-auth sql query is already being processed, to
>> log the Access-Reject..
>
> Yes.. I know. But the return code from the LDAP module in the
> *authorize* section is lost by then.
>
>> Is there any other way I could extract the
>> rejection reason from the LDAP module, to add to this query?
>
> It's not in the LDAP module.
>
> See src/main/modcall.c for the code that handles calling modules, and
> the return codes. If you really need this functionality, send a patch.
>
I did. It's bitrotting in your bug database; currently offline so
obviously I cannot pull out a linky. It make xlat module failure aware,
it's an intrusive patch but works for us and gives us LDAP failover
support cleanly.
Same goes for bug #544, to provide the ldap DN when needed[1]. :( If you
look back in your personal INBOX (if you go back that far) to Sept 1st
2008 you will see this patch being referred to.
All my patches live on my dumper space:
http://stuff.digriz.org.uk/freeradius/
Cheers
[1] it pains me this patch is not there, the LDAP maintainer seems AWOL
and no one will touch it <insert grumble/>
--
Alexander Clouter
.sigmonster says: Marriage is the waste-paper basket of the emotions.
More information about the Freeradius-Users
mailing list