FreeRADIUS + OpenLDAP for accounting

Peter Micunek peter.micunek at gmail.com
Sat Feb 3 20:32:42 CET 2007


Thanx a lot

I supposed this and definitely I will ask our vendor  for modification of
the interface

regards,
Peter Micunek

On 2/3/07, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>
> Peter Micunek wrote:
> > The proxy cannot speak to an SQL server.
>
> Then it's very poor software, and my advice would be to look elsewhere.
>
> >
> > Do you know some LDAP-SQL proxy which listen on LDAP server  port  and
> > convert  LDAP  request  to  SQL  and vice versa.
>
> OpenLDAP will do this, but it's not suitable for your needs (see below)
>
> >
> > Also, I am considering to use:
> >
> > NAS ---> FreeRADIUS (rlm_sql_mysql) ---> MySQL DB <--->  OpenLDAP with
> > slapd-sql <---> LDAP client
> >
> > what do you think about this?
>
> I am not an OpenLDAP expert any more, but the last time I investigated
> this you could not modify the SQL database "underneath" slapd-sql
> because of the servers caching. You had to make modifications via LDAP.
>
> If you really need FreeRadius accounting to perform an
> ldapadd/ldapmodify I suggest you use Exec-Program in the "acct_users"
> file, but be prepared for it to go slowly and break a lot.
>
> >
> > regards,
> > Peter Micunek
> >
> >
> > On 2/3/07, *Phil Mayers* <p.mayers at imperial.ac.uk
> > <mailto:p.mayers at imperial.ac.uk>> wrote:
> >
> >     Peter Micunek wrote:
> >      > A problem is that this proxy know IP address of customer instead
> of
> >      > MSISDN and unfortunately cannot use a RADIUS to
> >      > obtain the MSISDN from another source. This proxy is able to use
> only
> >      > the LDAP request with IP of customer and then
> >
> >     FreeRadius can't write to (account to) an LDAP directory.
> >
> >     It's a fundamentally bad idea to do lots of writes to LDAP. Most
> LDAP
> >     servers are heavily read-optimised - not write.
> >
> >     Can the proxy speak to an SQL server?
> >
> >     If not, you could use an Exec-Program attribute in the "acct_users"
> >     file
> >     to run "ldapmodify"
> >     -
> >     List info/subscribe/unsubscribe? See
> >     http://www.freeradius.org/list/users.html
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070203/a2f32460/attachment.html>


More information about the Freeradius-Users mailing list