LDAP attribute mapping

Bruce Nunn ironrake at yahoo.com
Tue Oct 30 12:16:50 CET 2012


I pull out only the attributes I need and change ldap.attrmap to match my schema. Personally, I can live with either config method.

Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:

>Quick poll.
>
>For 3.0 the ldap module will be moving away from using the ldap.attrmap file and instead use a config based mapping.
>
>There are a few ways we are considering for organising the mapping.
>
>We can use something like the existing unlang:
>
>update control {
>	Cleartext-Password := userpassword
>}
>
>update reply {
>	User-Name = radiusUserName
>}
>
>update outer.reply {
>	Reply-Message = radiusReplyMessage
>}
>
>Or something like rlm_rest  and rlm_cache:
>
>update {
>	control:Cleartext-Password := userpassword
>	reply:User-Name = radiusUserName
>	reply.outer:User-Name = radiusUserName
>}
>
>It really depends on whether people are actually using the full ldap.attrmap, or whether they're just pulling out one or two attributes. Each approach is as efficient as the other performance wise, so it comes down to which one people prefer.
>
>Any thoughts?
>
>-Arran
>
>
>
>
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list