jdennis at redhat.com
Mon Dec 10 16:27:44 CET 2012
On 12/09/2012 07:33 PM, Arran Cudbard-Bell wrote:
> Just pushed up a few patches to add LDAP accounting.
Just out of curiosity why are we adding support for "worst practice",
shouldn't we be encouraging "best practice" via the choice of supported
Maintaining accounting data in LDAP is an abuse of the LDAP design goals
of "frequent lookup, infrequent modification". Databases were designed
for the type of data management that radius accounting involves,
directories were not. Accounting should be in a database, not a
directory. Directories were designed to solve different problems.
Maintaining authentication and identity information across an enterprise
is exactly one of those problems LDAP was designed to handle which makes
auth/authz lookups in a directory appropriate. Maintaining accounting
information in a directory is not.
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
More information about the Freeradius-Devel