LDAP attribute mapping
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Tue Oct 30 11:38:12 CET 2012
Quick poll.
For 3.0 the ldap module will be moving away from using the ldap.attrmap file and instead use a config based mapping.
There are a few ways we are considering for organising the mapping.
We can use something like the existing unlang:
update control {
Cleartext-Password := userpassword
}
update reply {
User-Name = radiusUserName
}
update outer.reply {
Reply-Message = radiusReplyMessage
}
Or something like rlm_rest and rlm_cache:
update {
control:Cleartext-Password := userpassword
reply:User-Name = radiusUserName
reply.outer:User-Name = radiusUserName
}
It really depends on whether people are actually using the full ldap.attrmap, or whether they're just pulling out one or two attributes. Each approach is as efficient as the other performance wise, so it comes down to which one people prefer.
Any thoughts?
-Arran
More information about the Freeradius-Users
mailing list