13 LDAP queries for one authorize!

Phil Mayers p.mayers at imperial.ac.uk
Fri Aug 24 17:21:30 CEST 2007


On Fri, 2007-08-24 at 13:49 +0200, Turbo Fredriksson wrote:
> Quoting Phil Mayers <p.mayers at imperial.ac.uk>:
> 
> > DEFAULT	FreeRadius-Proxied-To == 127.0.0.1, Autz-Type := "INNER"
> >
> > 1) proxy part makes sure that only INNER is called when it's proxied to
> > 127.0.0.1
> 
> Ok, think I got this. Does it matter WHERE in the file this DEFAULT is?
> And is the keyword 'INNER' important? I.e. Can it be any word, or must it
> be just 'INNER' (uppercased and all)?

You'll need to understand how the "users" file is processed to grasp
that. Please see doc/processing_users_file for more info.

> 
> > 2) INNER Auth part ensures that the ldap module is only called for the
> > INNER part of the check...not for everything else. Also very very useful
> > as it stops outer ID junk and debris from being checked.
> 
> What IS 'the INNER part' (may depend on the answer to my first question
> above) as opposed to 'the outer'? In context I get the general idea, but
> the actual definition of INNER and OUTER?

You're getting hung up on the specifics, which is probably my fault for
giving minimal info; Autz-Type is a general mechanism. Please see
doc/Autz-Type for more info.




