LDAP Accounting

Olivier Beytrison olivier at heliosnet.org
Mon Dec 10 14:30:50 CET 2012

On 10.12.2012 12:52, Arran Cudbard-Bell wrote:
> Behaviour change for eDir users in 3.0, if you just want to do auth/autz you should remove the call to ldap in post-auth, and set edir_autz = "yes" in the LDAP config.
> This is more efficient, and frees up Post-Auth for doing accounting stuff.

I'm deploying it and will report the tests results.

on a side note, got two new warning for rlm_ldap.c

src/modules/rlm_ldap/rlm_ldap.c: In function ‘ldap_conn_create’:
src/modules/rlm_ldap/rlm_ldap.c:563:2: warning: implicit declaration of
function ‘ldap_int_tls_config’ [-Wimplicit-function-declaration]
src/modules/rlm_ldap/rlm_ldap.c: In function ‘user_modify’:
src/modules/rlm_ldap/rlm_ldap.c:2248:22: warning: assignment discards
‘const’ qualifier from pointer target type [enabled by default]
src/modules/rlm_ldap/rlm_ldap.c: In function ‘ldap_authorize’:
src/modules/rlm_ldap/rlm_ldap.c:2028:5: warning: ‘user_dn’ may be used
uninitialized in this function [-Wuninitialized]


 Olivier Beytrison
 Network & Security Engineer, HES-SO Fribourg
 Mobile: +41 (0)78 619 73 53
 Mail: olivier at heliosnet.org

More information about the Freeradius-Devel mailing list