FreeRADIUS + OpenLDAP for accounting
Phil Mayers
p.mayers at imperial.ac.uk
Sat Feb 3 19:47:43 CET 2007
Peter Micunek wrote:
> The proxy cannot speak to an SQL server.
Then it's very poor software, and my advice would be to look elsewhere.
>
> Do you know some LDAP-SQL proxy which listen on LDAP server port and
> convert LDAP request to SQL and vice versa.
OpenLDAP will do this, but it's not suitable for your needs (see below)
>
> Also, I am considering to use:
>
> NAS ---> FreeRADIUS (rlm_sql_mysql) ---> MySQL DB <---> OpenLDAP with
> slapd-sql <---> LDAP client
>
> what do you think about this?
I am not an OpenLDAP expert any more, but the last time I investigated
this you could not modify the SQL database "underneath" slapd-sql
because of the servers caching. You had to make modifications via LDAP.
If you really need FreeRadius accounting to perform an
ldapadd/ldapmodify I suggest you use Exec-Program in the "acct_users"
file, but be prepared for it to go slowly and break a lot.
>
> regards,
> Peter Micunek
>
>
> On 2/3/07, *Phil Mayers* <p.mayers at imperial.ac.uk
> <mailto:p.mayers at imperial.ac.uk>> wrote:
>
> Peter Micunek wrote:
> > A problem is that this proxy know IP address of customer instead of
> > MSISDN and unfortunately cannot use a RADIUS to
> > obtain the MSISDN from another source. This proxy is able to use only
> > the LDAP request with IP of customer and then
>
> FreeRadius can't write to (account to) an LDAP directory.
>
> It's a fundamentally bad idea to do lots of writes to LDAP. Most LDAP
> servers are heavily read-optimised - not write.
>
> Can the proxy speak to an SQL server?
>
> If not, you could use an Exec-Program attribute in the "acct_users"
> file
> to run "ldapmodify"
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
>
> ------------------------------------------------------------------------
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list