LDAP module

Alan DeKok aland at deployingradius.com
Thu May 3 09:03:01 CEST 2012

Alister Winfield wrote:
> Sometimes you just don't want to hard code the DN.... normally its when you have a reasonably large set of possible DNs to choose from especially if there isn't the appetite to remap/rebuild the structure of the LDAP directory to conform to a RADIUS friendly way of structuring things. Also its a really easy to filter out users based on attributes of their entry in the directory. eg a filter like ((cn=%user%) (status=active) (class=radiususer)) isn't an unusual thing to consider having.

  OK.  I'm looking at re-doing the LDAP module for 3.0.  The new
connection pool API makes it simpler.  De-duplicating the code is a good
idea, too.

  I wanted to make sure I understood it, and didn't break anything.

  What *will* likely go away is the eDir functionality.  That code is
*horrible*.  I don't run eDirectory, so I can't test it, either.

  I'm OK with adding it back in again.  But I can't do the work.

  Alan DeKok.

More information about the Freeradius-Devel mailing list