rlm_ldap ignores password_radius_attribute
John Dennis
jdennis at redhat.com
Mon Apr 26 19:20:09 CEST 2010
On 04/26/2010 12:31 PM, Alan DeKok wrote:
> Alexander Clouter wrote:
>> Hi,
>>
>> Looks like the rlm_ldap module ignores 'password_radius_attribute'[1] so
>> something like the following completely untested patch is needed. The
>> Novhell eDirectory code probably needs tweaking also to honour this
>> variable, or alternatively remove 'password_radius_attribute' altogether
>
> That would be the preferable choice.
>
> Nearly *all* of the "special" handling of passwords in rlm_ldap should
> be deleted. The "ldap.attrmap" file should be used instead.
>
> As of 2.1.x, the only reason that rlm_ldap treats passwords as
> "special" is for historical reasons.

Yeah, rlm_ldap needs some cleanup.

FWIW, I have patches lying around that add both SASL & Kerberos
authentication to the LDAP server and add support for keeping the NAS
client list in LDAP (much like rlm_sql does).

If I can get some free cycles I'll help clean up rlm_ldap and add
some new functionality to it.

--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/