LDAP Accounting

Arran Cudbard-Bell a.cudbardb at freeradius.org
Mon Dec 10 20:03:03 CET 2012 

On 10 Dec 2012, at 15:17, Olivier Beytrison <olivier at heliosnet.org> wrote:

> On 10.12.2012 14:30, Olivier Beytrison wrote:
>> On 10.12.2012 01:33, Arran Cudbard-Bell wrote:
>> 
>>> 	accounting {
>>> 		reference = "%{tolower:type.%{Acct-Status-Type}}"
>>> 		
>>> 		type {
>>> 			start {
>>> 				update {
>>> 					description := "Online at %S"
>>> 				}
>>> 			}
>>> 			
>>> 			interim-update {
>>> 				update {
>>> 					description := "Online at %S"
>>> 				}
>>> 			}
>>> 			
>>> 			stop {
>>> 				update {
>>> 					description := "Offline at %S"
>>> 				}
>>> 			}
>>> 		}
>>> 	}
>>> 
>> 
>> In the default ldap files, it is stated that we can use the following
>> section for post-auth :
>> post-auth {
>>    update {
>>      description := "Authenticated at %S"
>>    }
>>  }
>> but on run-time, it complains that the reference is not found.
>> 
>> (0)  - entering group post-auth {...}
>> rlm_ldap (ldap): Reserved connection (4)
>> (0) ldap :      expand: '.' -> '.'
>> WARNING: No such configuration item .
>> rlm_ldap (ldap): Released connection (4)
>> (0)   [ldap] = fail
>> 
>> post-auth{} and accounting{} don't have the exact same layout, so the
>> code need to adapt and not fail ;)
> 
> Based on my interpretation of the code which parse the configuration for
> the update part, i changed the post-auth to :
> 
> post-auth {
>        reference = "post-auth"
>        post-auth {
>                update {
>                        description := "Authenticated at %S"
>                }
>        }
> }
> 
> Now on run time it doesn't complain anymore about the reference being
> not present, but it segfaults :o

Hmm wow, oops, this is why you shouldn't write C when tired. Should all work now.

As an added bonus for your bug finding, it now supports ++, which is sort of undocumented but apparently supported according to comments in the OpenLDAP code.

 * Example:
 *	LDAPMod	*mods[] = { 
 *			{ LDAP_MOD_ADD, "cn", { "babs jensen", "babs", 0 } },
 *			{ LDAP_MOD_REPLACE, "sn", { "babs jensen", "babs", 0 } },
 *			{ LDAP_MOD_DELETE, "ou", 0 },
 *			{ LDAP_MOD_INCREMENT, "uidNumber, { "1", 0 } }
 *			0
 *		}

#define LDAP_MOD_ADD		(0x0000)
#define LDAP_MOD_DELETE		(0x0001)
#define LDAP_MOD_REPLACE	(0x0002)
#define LDAP_MOD_INCREMENT	(0x0003) /* OpenLDAP extension */

Guessed it'd be useful for maintaining a login counter or something...

-Arran

More information about the Freeradius-Devel mailing list