FR Developer for hire: Adding Accounting support to the rlm_ldap module?
Sakthi Ulaganathan
sakthi.u at gmail.com
Thu May 3 12:18:40 CEST 2012
Hi Peter,
I have three plus years of experience in Free Radius and Cisco Access
Registrar (AAA server) specialized on LDAP client and server side
I'm interested to do the work of LDAP accounting write-ups. I can be paid
My expectation and work completion would be in 10 days and $1000
Thanks,
Sakthi
+91 9032908542
On Thu, May 3, 2012 at 2:39 PM, Peter Lambrechtsen <peter at crypt.co.nz>wrote:
> Hello
>
> I was wanting to know if someone would be interested in being paid to add
> "accounting" support into the RLM_LDAP module.
>
> For this I am wanting when calling the ldap module during the "accounting"
> section so it can update/delete records in the LDAP directory based on the
> Acct-Status-Type and using a new field type into the ldap.attrmap. Ideally
> I would be looking for when you get an accounting Start it adds or updates
> an attribute, for an Interim-Update also add/update and for a Stop then
> removes the attribute.
>
> In the ldap.attrmap the following ItemType should be extended to support
> both accounting start / interim update and stop verbs over and above the
> current checkItem/replyItem.
>
> checkItem NAS-IP-Address radiusNASIpAddress
> replyItem Framed-IP-Address radiusIpAddress
> acctStartItem NAS-Port-Id radiusNASPortId
> acctIntUpdItem NAS-Port-Id radiusNASPortId
> acctStopItem NAS-Port-Id radiusNASPortId
>
> This would mean that when an accounting start packet came through the same
> LDAP Filter lookup used for the authenticate & authorize would be done for
> the customer record and query for the acctStartItem attributes if the
> accounting request had the matching VSA then the LDAP Module would do a
> LDAP replace attribute or if the attribute didn't exist do a ldap add
> attribute. The same applies for an Interim-Update and subsequently for a
> stop packet remove the attribute from the directory if it exists.
> The wrinkle with LDAP is you can't always do a LDAP add, you need to use
> replace if the attribute exists.
>
> I've written this in Perl and it works reasonably well but it would be
> ideal to have this working inside ldap as then the custom perl code I wrote
> wouldn't be needed. Below is the perl i've written.
>
> my $ldap = Net::LDAP->new ( "127.0.0.1" ) or die "$@";
> my $mesg = $ldap->bind ( "cn=admin,o=admin", password => "password",
> version => 3 );
> my $attrs = [ 'radiusNASPortId' ];
> my $result = $ldap->search ( base => "o=Identities", scope => "sub",
> filter =>
> "(radiusRemoteID=$RAD_REQUEST{'ADSL-Agent-Remote-Id'})",
> attrs => $attrs );
> my $attrcount = $result->count;
> if ($result->count > 0) {
> my @entries = $result->entries;
> my $userdn = @entries[0]->dn;
> my $sessionfound = @entries[0]->exists('radiusNASPortId');
> if ( $RAD_REQUEST{'Acct-Status-Type'} =~ "Start" ) {
> if ( @entries[0]->exists('radiusNASPortId') ) {
> my $newresult = $ldap->modify($userdn , replace => {
> 'radiusNASPortId' => "$RAD_REQUEST{'NAS-Port-Id'}" } );
> } else {
> my $newresult = $ldap->modify($userdn , add => {
> 'radiusNASPortId' => "$RAD_REQUEST{'NAS-Port-Id'}" } );
> }
> }
> if ( $RAD_REQUEST{'Acct-Status-Type'} =~ "Stop" ) {
> if ( @entries[0]->exists('radiusNASPortId') ) {
> my $newresult = $ldap->modify($userdn , delete => {
> 'radiusNASPortId' => [] } );
> }
> }
> }
>
> To get someone who is familiar with the freeradius code base and can write
> code which would be acceptable to be committed back into the mainline FR
> codebase as this should be code contributed back to the community.
>
> How much development effort would be required (x days?) and who would be
> interested in being paid (and how much) to do the work?
>
> Feel free to email me directly off list if you're interested.
>
> Cheers
>
> Peter
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/devel.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20120503/06b04aaa/attachment.html>
More information about the Freeradius-Devel
mailing list