LDAP attribute mapping

Arran Cudbard-Bell a.cudbardb at freeradius.org
Tue Oct 30 11:38:12 CET 2012

Quick poll.

For 3.0 the ldap module will be moving away from using the ldap.attrmap file and instead use a config based mapping.

There are a few ways we are considering for organising the mapping.

We can use something like the existing unlang:

update control {
	Cleartext-Password := userpassword

update reply {
	User-Name = radiusUserName

update outer.reply {
	Reply-Message = radiusReplyMessage

Or something like rlm_rest  and rlm_cache:

update {
	control:Cleartext-Password := userpassword
	reply:User-Name = radiusUserName
	reply.outer:User-Name = radiusUserName

It really depends on whether people are actually using the full ldap.attrmap, or whether they're just pulling out one or two attributes. Each approach is as efficient as the other performance wise, so it comes down to which one people prefer.

Any thoughts?


More information about the Freeradius-Users mailing list