LDAP sync frontend in v4.0.x

Arran Cudbard-Bell a.cudbardb at freeradius.org
Thu Apr 27 02:26:36 CEST 2017


Fancied taking a break from refactoring in v4.0.x.

https://github.org/FreeRADIUS/freeradius-server/blob/v4.0.x/raddb/sites-available/ldap_sync

The idea is that you can "listen" on DNs within your LDAP directory.

You then use the updates you receive to create/invalidate cache entries, or send CoA/DM messages to reflect the changes that have occurred in LDAP.

Feel free to try it out, with the normal caveats about v4.0.x.

Cookie synthesis isn't there yet, but isn't too hard for OpenLDAP.

It'd really help if people using directories other than OpenLDAP that support RFC 4533 could provide their cookie blobs, and an export of their rootDSE with operational attributes.

I can then add cookie synthesis for those directories, which'll allow you to do the initial sync without downloading a complete copy of the directory first.

-Arran


Arran Cudbard-Bell
FreeRADIUS Core Developer

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
