Server side sort controls in rlm_ldap

Arran Cudbard-Bell a.cudbardb at freeradius.org
Sat Apr 11 19:58:01 CEST 2015


Minor new feature in rlm_ldap.

Server side sort controls can now be specified if the server is built against OpenLDAP's libldap.

The controls are marked as critical, so will cause the search to fail if they're not allowed. It's assumed if you've enabled them, you'll know your server supports server side sort controls, or at least, will test, to make sure they work.

The idea is to be able to specify a filter that resolves to multiple user objects, and then sort them based on attributes. The entry appearing first in the result set is the one that's used, the rest are discarded.

This allows default users to be created with lower precedence than objects which relate to real users.

You may find, depending on the LDAP server, that the ordering of the results is dependent on the ordering of the conditions in the filter, in which case server side sorting will not be required.

Example here:

https://github.com/FreeRADIUS/freeradius-server/blob/v3.1.x/raddb/mods-available/ldap#L175

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
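
The selection behaviour described in the message above, modelled locally as an added example (not FreeRADIUS code and not part of the original post). The entries, the `precedence` attribute, the function names and the `-` prefix for reverse order in the key string are assumptions made for illustration.

```python
# Added illustration: a local model of RFC 2891 server-side sorting, not rlm_ldap code.
SORT_OID = "1.2.840.113556.1.4.473"      # RFC 2891 sort request control
UNAVAILABLE_CRITICAL_EXTENSION = 12      # RFC 4511 result code

class SearchFailed(Exception):
    def __init__(self, code):
        super().__init__(f"LDAP result code {code}")
        self.code = code

def parse_sort_keys(spec):
    """'[-]attr [-]attr ...' -> [(attr, reverse)] (assumed key syntax)."""
    keys = [(tok.lstrip("-").lower(), tok.startswith("-")) for tok in spec.split()]
    if not keys or any(not attr for attr, _ in keys):
        raise ValueError(f"bad sort key list: {spec!r}")
    return keys

def server_search(entries, supported, sort_spec=None, critical=True):
    """Constructed stand-in for a directory server answering one search."""
    results = list(entries)              # server's own, unspecified order
    if sort_spec is None:
        return results
    keys = parse_sort_keys(sort_spec)
    if SORT_OID not in supported:
        if critical:                     # critical control: fail, never guess
            raise SearchFailed(UNAVAILABLE_CRITICAL_EXTENSION)
        return results                   # non-critical: ignored, left unsorted
    # Stable sort, least significant key first. Entries missing an attribute
    # rank above every value (RFC 2891), so they sort last in ascending order.
    for attr, reverse in reversed(keys):
        results.sort(key=lambda e, a=attr: (a not in e, e.get(a, 0)), reverse=reverse)
    return results

def select_user(entries, supported, sort_spec):
    """First entry is used, the rest are discarded."""
    results = server_search(entries, supported, sort_spec, critical=True)
    return results[0] if results else None

# Constructed entries, as if both matched one filter for user "alice".
ENTRIES = [
    {"dn": "cn=DEFAULT,ou=profiles,dc=example,dc=org", "cn": "DEFAULT", "precedence": 1},
    {"dn": "uid=alice,ou=people,dc=example,dc=org", "uid": "alice", "precedence": 9},
]

if __name__ == "__main__":
    print(select_user(ENTRIES, {SORT_OID}, "-precedence")["dn"])   # sorted
    try:
        select_user(ENTRIES, set(), "-precedence")                 # unsupported
    except SearchFailed as exc:
        print("search failed:", exc)
```

In this model a non-critical control on a server without sort support would leave the DEFAULT entry first, which is the outcome the critical flag rules out by failing the search instead.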
