On 07.12.2012 22:27, Peter Lambrechtsen wrote:
Ahh fair enough, we map the loginDisabled and expirationDate to dummy VSAs and check it in FreeRadius rather than passing that back as part of a bind to LDAP. Helps save ~30ms from the Auth time, and with ~1mil subs in the LDAP database, that's time worth saving.
I would also be interested in this. Could you post a snippet of your configuration ? Only difference with doing a bind, is that you don't consume the loginGrace. Which might be a good thing actually. But the complete check should be loginDisabled == false && (passwordExpirationTime > now || loginGraceRemaining > 0)
Thanks for doing the work to add eDir support back in again. It "was" going to be one of our major stumbling blocks in moving to FR3.
Same here, I was blocked in my eduroam project (and my deadline is next friday) so now at least I can move over and deploy the servers. Big thanks to Alan for his job ! And I have to say that I have a lot of fun doing some code again :) I'll continue to propose some minor fix/enhancement to FR3 as I deploy it. Olivier -- Olivier Beytrison Network & Security Engineer, HES-SO Fribourg Mail: olivier@heliosnet.org