Alan DeKok a écrit :
Guillaume Rousse wrote:
It does. But clarification between what's old and what's new syntax doesn't harm.
The new syntax is documented, and is preferred. If you try the old one (undocumented and deprecated), it works. What needs clarification? It is not documented in the rlm_ldap file shipped in top-level directory (at least for release 2.0.0). The fact that there is a huge redundancy between this file and comments in default configuration files doesn't help maintaining a reference documentation.
Right, but that seems to be only a syntax difference, refering to a named instance of the LDAP module. One would expect the code to be more robust, or at least the problem documented somewhere.
It is very difficult to determine what is *supposed* to happen inside of an authentication section. if you have suggestions for how to make that determination, I'm interested. No, especially as I got no clue about freeradius internals.
And the problem is documented: the debug log prints out a warning message, as you saw.
If I understand correctly, there no way to help the rlm_module understand I'm using it for autentication, as I use a complex synta, so I have to set it up explicitely, right ?
Yes.
In this case, I think this deserve some explanation in the rlm_ldap documentation, such as: "Warning, if the LDAP module is not directly referenced to in authentication section, such as a failover configuration using named aliases, this setting will be disabled".
The same problem applies to other modules, so it needs to be documented in one place. Indeed. -- Guillaume Rousse Moyens Informatiques - INRIA Futurs Tel: 01 69 35 69 62