On 04/26/2010 12:31 PM, Alan DeKok wrote:
Alexander Clouter wrote:
Hi,
Looks like the rlm_ldap module ignores 'password_radius_attribute'[1] so something like the following completely untested patch is needed. The Novhell eDirectory code probably needs tweaking also to honour this variable, or alternatively remove 'password_radius_attribute' altogether
That would be the preferable choice.
Nearly *all* of the "special" handling of passwords in rlm_ldap should be deleted. The "ldap.attrmap" file should be used instead.
As of 2.1.x, the only reason that rlm_ldap treats passwords as "special" is for historical reasons.
Yeah, rlm_ldap needs some clean up. FWIW, I have patches laying around that adds both SASL & Kerberos authentication to the LDAP server and adds support for keeping the NAS client list in LDAP (much like rlm_sql does). If I can get some free cycles I'll help cleaning up rlm_ldap and adding some new functionality to it. -- John Dennis <jdennis@redhat.com> Looking to carve out IT costs? www.redhat.com/carveoutcosts/