eDir Universal password implementation.
Olivier Beytrison
olivier at heliosnet.org
Sat Dec 8 17:20:04 CET 2012
On 07.12.2012 22:27, Peter Lambrechtsen wrote:
> Ahh fair enough, we map the loginDisabled and expirationDate to dummy
> VSAs and check it in FreeRadius rather than passing that back as part of
> a bind to LDAP. Helps save ~30ms from the Auth time, and with ~1mil
> subs in the LDAP database, that's time worth saving.
I would also be interested in this. Could you post a snippet of your
configuration ? Only difference with doing a bind, is that you don't
consume the loginGrace. Which might be a good thing actually. But the
complete check should be loginDisabled == false &&
(passwordExpirationTime > now || loginGraceRemaining > 0)
> Thanks for doing the work to add eDir support back in again. It "was"
> going to be one of our major stumbling blocks in moving to FR3.
Same here, I was blocked in my eduroam project (and my deadline is next
friday) so now at least I can move over and deploy the servers. Big
thanks to Alan for his job !
And I have to say that I have a lot of fun doing some code again :) I'll
continue to propose some minor fix/enhancement to FR3 as I deploy it.
Olivier
--
Olivier Beytrison
Network & Security Engineer, HES-SO Fribourg
Mail: olivier at heliosnet.org
More information about the Freeradius-Devel
mailing list