some patches for branch v2.1.x

Oliver Schröder oliver.schroeder at versatel.de
Wed Aug 17 10:38:31 CEST 2011 

While migrating the configuration of our commercial radius to freeradius 
I needed to customise (parts of) the freeradius sources to our needs. 
Perhaps those patches are useful for others, so I want to contribute 
them and ask if you are willing to accept them:

rlm_linelog:

The original module does not create parent directories when needed. The 
patch fixes this behavior, so you can define filenames for logging like:
	filename = ${logdir}/whatever/%Y/%m/detail.%d

This patch is trivial and has no effects to in-use installations.


rlm_ldap:

Our LDAP scheme provides 4 data fields, two for check-items and two for 
reply-items (RadiusReplyattrDSL/RadiusCheckattrDSL and 
RadiusReplyattr/RadiusCheckattr). Those fields contain attributes/value 
pairs in one row, eg:
RadiusReplyattrDSL: Framed-IP-Address = 1.2.3.4, Session-Timeout = 
86400, Uni-Egress-Policy-Name="pol6144",Uni-Ingress-Policy-Name="pol512"
Which pair is used depends on values found in the request, i.e. if the 
request was sent by a BRAS then RadiusReplyattrDSL/RadiusCheckattrDSL 
are used, if sent by a (ISDN-) NAS then RadiusReplyattr/RadiusCheckattr 
are used. So I needed a way to extract those one-liners to a list of 
attribute/value pairs.
To avoid rlm_perl I patched rlm_ldap, so you can configure the rows to 
use via configuration, especially in the hints file. While working on 
this module I also found it useful to be able to set the basedn via 
hints. So you can additionally provide the basedn:

DEFAULT NAS-IP-Address =~ "(1.2.3.4|4.3.2.1)"
	LDap-basedn             := "ou=Service-11200,ou=people,dc=company,dc=com",
	LDap-Multimap-reply     := "RadiusReplyattrDSL",
	LDap-Multimap-check     := "RadiusCheckattrDSL"

rlm_ldap will then look for values in these fields and attach them to 
the reply set.


rlm_translate:

Additionally I found it useful to have the functionality of the unix 
'tr' command in freeradius so I wrote rlm_translate. This module 
implements the full tr functionality as a freeradius module. The module 
configuration looks like:

translate username_tolower {
         attribute = "User-Name"
         searchin = packet
         set1 = "A-Z"
         set2 = "a-z"
         complement = no
         translate = yes
         squeeze = no
         delete = no
}


I know those changes are not vital but I believe useful. If you like 
them I will provide (git-) .diff files. Currently I'm going with v2.1.x 
but can provide diffs for 3.x, too.

What do you think?

Regards,
Oliver

More information about the Freeradius-Devel mailing list