New LDAP module in "master"

Arran Cudbard-Bell a.cudbardb at
Mon Jan 21 20:00:59 CET 2013

On 13 Nov 2012, at 20:47, Alan DeKok <aland at DEPLOYINGRADIUS.COM> wrote:

> Peter Lambrechtsen wrote:
>> We use the eDir module within FreeRadius quite heavily so wouldn't want
>> to loose that functionality.
>  I understand.
>> If you have a RHEL (or Centos), SLES or Solaris instance then it's
>> pretty straight forward how to test if the eDirectory Universal Password
>> functionality is functional or not.  You can easily download eDirectory
>> from <> and I can help
>> with the few steps required to get a working instance after that.
>  I'll see, but I can't make any promises.  I'm busy with other work,
> and eDir isn't something I use at all.  Maybe someone else on the list
> can help.
>  Most of the relevant code is in edir_ldapext.c.  That hasn't changed.
> I *would* want it to be formatted correctly, though.
>  And the whole "apc_conns" craziness needs to go away.  There's no need
> for it. in the new module.  That should simplify the code.
>  The "passwd_attr" code is gone.  It wasn't necessary, and deleting it
> simplifies the server.  Instead, the module should have a simple boolean
> "edir = yes / no".
>  I think in the end the code changes aren't much.  They just require a
> bit of time and effort.
>  The rest of the LDAP module was changed for performance, simplicity,
> and maintainability.  The new code is much better than the old.

Just to conclude this thread. Edir support was added back into the module, but was changed slightly. 

Users upgrading from 2.0.0 who used to call the ldap module in post-auth should now set edir_autz = yes, and remove the post-auth call.


More information about the Freeradius-Devel mailing list