LDAP Accounting

John Dennis jdennis at redhat.com
Mon Dec 10 16:27:44 CET 2012

On 12/09/2012 07:33 PM, Arran Cudbard-Bell wrote:
> Just pushed up a few patches to add LDAP accounting.

Just out of curiosity why are we adding support for "worst practice", 
shouldn't we be encouraging "best practice" via the choice of supported 

Maintaining accounting data in LDAP is an abuse of the LDAP design goals 
of "frequent lookup, infrequent modification". Databases were designed 
for the type of data management that radius accounting involves, 
directories were not. Accounting should be in a database, not a 
directory. Directories were designed to solve different problems. 
Maintaining authentication and identity information across an enterprise 
is exactly one of those problems LDAP was designed to handle which makes 
auth/authz lookups in a directory appropriate. Maintaining accounting 
information in a directory is not.

John Dennis <jdennis at redhat.com>

Looking to carve out IT costs?

More information about the Freeradius-Devel mailing list