Alan DeKok <aland@deployingradius.com> wrote:
Augusto G. Andreollo wrote:
Hmm.. thing is, the post-auth sql query is already being processed, to log the Access-Reject..
Yes.. I know. But the return code from the LDAP module in the *authorize* section is lost by then.
Is there any other way I could extract the rejection reason from the LDAP module, to add to this query?
It's not in the LDAP module.
See src/main/modcall.c for the code that handles calling modules, and the return codes. If you really need this functionality, send a patch.
I did. It's bitrotting in your bug database; currently offline so obviously I cannot pull out a linky. It make xlat module failure aware, it's an intrusive patch but works for us and gives us LDAP failover support cleanly. Same goes for bug #544, to provide the ldap DN when needed[1]. :( If you look back in your personal INBOX (if you go back that far) to Sept 1st 2008 you will see this patch being referred to. All my patches live on my dumper space: http://stuff.digriz.org.uk/freeradius/ Cheers [1] it pains me this patch is not there, the LDAP maintainer seems AWOL and no one will touch it <insert grumble/> -- Alexander Clouter .sigmonster says: Marriage is the waste-paper basket of the emotions.