Request about implementation of alternate authentication mechanism in freeradius
Josip Almasi
joe at vrspace.org
Wed Apr 30 10:21:38 CEST 2014
On 04/29/2014 04:25 PM, Matthew Newton wrote:
>
> Unless I'm missing something, I don't understand yet why this
> needs additional code. Although ldap is a lookup database not
> really an auth mechanism, so you might do two lookups, then call
> pap in a redundant section, for example. But the theory is the
> same.
I had a simillar case. It wasn't about auth attributes though.
But the customer explicity required to lookup ldap subtree, and avoid
multiple ldap queries.
The catch is, ldap schema changes may require downtime or significant
load, and in production... well, people prefer sleep over work at night:)
Think reduced load on ldap server was less important, but it's nice side
effect.
I have patch for 2.2 somewhere.
Interested in code anyone?
Regards...
More information about the Freeradius-Devel
mailing list