eDir Universal password implementation.

Olivier Beytrison olivier at heliosnet.org
Fri Dec 7 15:04:34 CET 2012

On 07.12.2012 14:21, Alan DeKok wrote:
> Olivier Beytrison wrote: 
>> What has to be done, and where I need some hints :
>> - Now that we have the cleartext-password, we're not going in the
>> ldap_authenticate anymore. In the past with Auth-Type=LDAP it was
>> possible, but setting Auth-Type=LDAP triggers a module_fail after the
>> rewrite.
>   What does that mean?

Well I was wrong, if you use only universal password, you don't need to
got into ldap module during authenticate. But there was the post-auth
section to enforce edir account policy. Is it ok for you if I implement
it the same way (in post-auth) by re-using almost the same code as for
ldap_authenticate ?

>> - add the IFDEF NOVELL around the added code (i can do it that's ok)
>   That's easy to do.

and it's done
>> - adapt the Makefile in order to compile edir_upwd.c only if configure
>> has --with-edir (need help on that point)
>   That's easy to do.

Well I'll try to figure it out myself then ;)

>> - return an error in the debug if universal password is not found, but
>> do not fail the module (or should I ?)
>   It should return a NOOP.


On a side not, because I'm also new to github, how can I sum up all the
changes in a single commit in order to make the pull request ?


 Olivier Beytrison
 Network & Security Engineer, HES-SO Fribourg
 Mail: olivier at heliosnet.org

More information about the Freeradius-Devel mailing list