Authenticating groups via LDAP

Alan DeKok aland at deployingradius.com
Sat May 22 18:32:40 CEST 2010


John Dennis wrote:
> Alan I didn't see any open bugs on this, should we open one? Is this a
> planned modification for 2.2?

  Yes.

> I recall some discussion of this a while
> back on the mailing list. I suppose changing this is 2.1 would be a
> version violation. But it has such serious negative consequences I
> wonder if we shouldn't bite the bullet and change it in 2.1.9 before
> more people get bitten by this. But to be honest I'm not sure which is
> worse, an unexpected config file change on upgrade or mysterious
> *silent* failures after upgrade.

  I'd make the change in 2.1.10, if at all.  It's a relatively rare
problem compared to other issues seen regularly on the list.

> I think the RPM spec file (and the deb files) could include a script
> which would detect the an old modules directory layout and convert it to
> modules-{available,enabled} layout automatically during a package upgrade.

  Sure...

> Also, I was just looking at our RPM spec file and I noticed that files
> in /etc/raddb/sites-enabled (which should just be symlinks) are marked
> as config(noreplace) which means RPM will leave backup files there
> instead of treating sites-enabled as just a collection of symlinks to be
> left alone. I think this represents a packaging bug on my end. However I
> noticed the suse freeradius.spec file in the freeradius-server tarballs
> also have the exact same config(noreplace) in raddb/sites-enabled so
> that packaging bug seems universal.

  Sure.  Not everyone uses symlinks in sites-enabled.  Some put files
there directly.

  Alan DeKok.



More information about the Freeradius-Users mailing list