eDir Universal password implementation.

Arran Cudbard-Bell a.cudbardb at freeradius.org
Fri Dec 7 15:59:37 CET 2012


On 7 Dec 2012, at 14:04, Olivier Beytrison <olivier at heliosnet.org> wrote:

> On 07.12.2012 14:21, Alan DeKok wrote:
>> Olivier Beytrison wrote: 
>>> What has to be done, and where I need some hints :
>>> - Now that we have the cleartext-password, we're not going in the
>>> ldap_authenticate anymore. In the past with Auth-Type=LDAP it was
>>> possible, but setting Auth-Type=LDAP triggers a module_fail after the
>>> rewrite.
>> 
>>  What does that mean?
> 
> Well I was wrong, if you use only universal password, you don't need to
> got into ldap module during authenticate. But there was the post-auth
> section to enforce edir account policy. Is it ok for you if I implement
> it the same way (in post-auth) by re-using almost the same code as for
> ldap_authenticate ?
> 
>>> - add the IFDEF NOVELL around the added code (i can do it that's ok)
>> 
>>  That's easy to do.
> 
> and it's done
>>> - adapt the Makefile in order to compile edir_upwd.c only if configure
>>> has --with-edir (need help on that point)
>> 
>>  That's easy to do.
> 
> Well I'll try to figure it out myself then ;)

The option is already there just add a substituion in Makefile.in and all.mk
for @edir@

https://github.com/FreeRADIUS/freeradius-server/blob/master/src/modules/rlm_ldap/all.mk.in#L7

Would be:

SOURCES		:= $(TARGETNAME).c @edir@

If it's built --with-edir @edir@ will be expanded to edir_ldapext.c

If --with-edir is passed -DNOVELL_UNIVERSAL_PASSWORD -DNOVELL will also be added to module CFLAGS.

> 
>>> - return an error in the debug if universal password is not found, but
>>> do not fail the module (or should I ?)
>> 
>>  It should return a NOOP.
> 
> done
> 
> On a side not, because I'm also new to github, how can I sum up all the
> changes in a single commit in order to make the pull request ?

git rebase -i HEAD~<number of commits you want to squash>

Change the start of the commit lines you want to squash to 'f'

Git push --force origin master

then you can just do a pull request for your master branch on the github website.

-Arran



More information about the Freeradius-Devel mailing list