aland at deployingradius.com
Mon Dec 10 16:59:02 CET 2012
John Dennis wrote:
> Just out of curiosity why are we adding support for "worst practice",
> shouldn't we be encouraging "best practice" via the choice of supported
> Maintaining accounting data in LDAP is an abuse of the LDAP design goals
> of "frequent lookup, infrequent modification". Databases were designed
> for the type of data management that radius accounting involves,
> directories were not. Accounting should be in a database, not a
> directory. Directories were designed to solve different problems.
> Maintaining authentication and identity information across an enterprise
> is exactly one of those problems LDAP was designed to handle which makes
> auth/authz lookups in a directory appropriate. Maintaining accounting
> information in a directory is not.
That's all well and good. The current configuration allows for
storing "last login" time. That's well within the traditional use of LDAP:
I agree doing more than that would be bad.
More information about the Freeradius-Devel