LDAP Accounting
Olivier Beytrison
olivier at heliosnet.org
Tue Dec 11 15:42:14 CET 2012
On 11.12.2012 15:37, Arran Cudbard-Bell wrote:
>>>> and for the := set operator on multi-valued ldap attribute, we could
>>>> implement something like <attr> := <old-value>:<new-value>.
>>>> But that's pushing thing too far in my opinion ...
>>>
>>> Oh is that why it replaces everything?
>>>
>>> Do you know how to represent that in the mods struct?
>>
>> you pointed it out in a previous mail
>> { LDAP_MOD_REPLACE, "sn", { "babs jensen", "babs", 0 } },
>> "old value", "new value", 0
>> same goes for LDAP_MOD_ADD, but in that case it operates the same way as
>> REPLACE. if attribute with old value exists, replace with new value,
>> otherwise create it. so not worth implementing it imho
>
> Blerg, you'd have to escape and unescape : in xlat expansions but yes, I guess it should be possible.
>
> AFAIK the conffile API doesnt allow you to create multivalued attributes.
that's why I think that's not something we should focus too much on. The
actual way it works already allows quite some possibilities. Let's see
if user request something like that.
I've enough played with the code. I shall now begin deploying FR3 (3
days left until deadline :o)
--
Olivier Beytrison
Network & Security Engineer, HES-SO Fribourg
Mobile: +41 (0)78 619 73 53
Mail: olivier at heliosnet.org
More information about the Freeradius-Devel
mailing list