Request about implementation of alternate authentication mechanism in freeradius

Josip Almasi joe at
Wed Apr 30 10:21:38 CEST 2014

On 04/29/2014 04:25 PM, Matthew Newton wrote:
> Unless I'm missing something, I don't understand yet why this
> needs additional code. Although ldap is a lookup database not
> really an auth mechanism, so you might do two lookups, then call
> pap in a redundant section, for example. But the theory is the
> same.

I had a simillar case. It wasn't about auth attributes though.
But the customer explicity required to lookup ldap subtree, and avoid 
multiple ldap queries.
The catch is, ldap schema changes may require downtime or significant 
load, and in production... well, people prefer sleep over work at night:)
Think reduced load on ldap server was less important, but it's nice side 
I have patch for 2.2 somewhere.

Interested in code anyone?


More information about the Freeradius-Devel mailing list