LDAP module

Alan DeKok aland at deployingradius.com
Wed May 2 16:55:13 CEST 2012


  I'm taking a look at the LDAP module.  It's rather more complicated
than I like.  I'm thinking of moving it to use the new connection pools.

  I have a first draft which uses the connection pool to open the
sockets.  But... the behavior of the module is hard to understand.  I'll
start off with my thoughts:

1) connection pool is working.  They don't *do* anything, but they connect.

2) authentication.  The "bind as user" code is simple.  But what's with
the "perform_search" and "filter" stuff?  Why not have a statically
configured user DN?

  I'd like to avoid some of the complexity of the current code.

  So is the user DN really some arbitrarily changing value?  Do you
really have to search over the entire DB for "uid=username" in order to
find the user?

  Alan DeKok.

