FreeRADIUS + OpenLDAP for accounting

Phil Mayers p.mayers at
Sat Feb 3 19:47:43 CET 2007

Peter Micunek wrote:
> The proxy cannot speak to an SQL server.

Then it's very poor software, and my advice would be to look elsewhere.

> Do you know some LDAP-SQL proxy which listen on LDAP server  port  and 
> convert  LDAP  request  to  SQL  and vice versa.

OpenLDAP will do this, but it's not suitable for your needs (see below)

> Also, I am considering to use:
> NAS ---> FreeRADIUS (rlm_sql_mysql) ---> MySQL DB <--->  OpenLDAP with 
> slapd-sql <---> LDAP client
> what do you think about this?

I am not an OpenLDAP expert any more, but the last time I investigated 
this you could not modify the SQL database "underneath" slapd-sql 
because of the servers caching. You had to make modifications via LDAP.

If you really need FreeRadius accounting to perform an 
ldapadd/ldapmodify I suggest you use Exec-Program in the "acct_users" 
file, but be prepared for it to go slowly and break a lot.

> regards,
> Peter Micunek
> On 2/3/07, *Phil Mayers* <p.mayers at 
> <mailto:p.mayers at>> wrote:
>     Peter Micunek wrote:
>      > A problem is that this proxy know IP address of customer instead of
>      > MSISDN and unfortunately cannot use a RADIUS to
>      > obtain the MSISDN from another source. This proxy is able to use only
>      > the LDAP request with IP of customer and then
>     FreeRadius can't write to (account to) an LDAP directory.
>     It's a fundamentally bad idea to do lots of writes to LDAP. Most LDAP
>     servers are heavily read-optimised - not write.
>     Can the proxy speak to an SQL server?
>     If not, you could use an Exec-Program attribute in the "acct_users"
>     file
>     to run "ldapmodify"
>     -
>     List info/subscribe/unsubscribe? See
> ------------------------------------------------------------------------
> - 
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list