eDir Universal password implementation.
Olivier Beytrison
olivier at heliosnet.org
Fri Dec 7 15:04:34 CET 2012
On 07.12.2012 14:21, Alan DeKok wrote:
> Olivier Beytrison wrote:
>> What has to be done, and where I need some hints :
>> - Now that we have the cleartext-password, we're not going in the
>> ldap_authenticate anymore. In the past with Auth-Type=LDAP it was
>> possible, but setting Auth-Type=LDAP triggers a module_fail after the
>> rewrite.
>
> What does that mean?
Well I was wrong, if you use only universal password, you don't need to
got into ldap module during authenticate. But there was the post-auth
section to enforce edir account policy. Is it ok for you if I implement
it the same way (in post-auth) by re-using almost the same code as for
ldap_authenticate ?
>> - add the IFDEF NOVELL around the added code (i can do it that's ok)
>
> That's easy to do.
and it's done
>> - adapt the Makefile in order to compile edir_upwd.c only if configure
>> has --with-edir (need help on that point)
>
> That's easy to do.
Well I'll try to figure it out myself then ;)
>> - return an error in the debug if universal password is not found, but
>> do not fail the module (or should I ?)
>
> It should return a NOOP.
done
On a side not, because I'm also new to github, how can I sum up all the
changes in a single commit in order to make the pull request ?
Olivier
--
Olivier Beytrison
Network & Security Engineer, HES-SO Fribourg
Mail: olivier at heliosnet.org
More information about the Freeradius-Devel
mailing list