LDAP attribute mapping
John Dennis
jdennis at redhat.com
Tue Oct 30 14:00:12 CET 2012
On 10/30/2012 06:38 AM, Arran Cudbard-Bell wrote:
> Quick poll.
>
> For 3.0 the ldap module will be moving away from using the
> ldap.attrmap file and instead use a config based mapping.
>
> There are a few ways we are considering for organising the mapping.
>
> We can use something like the existing unlang:
>
> Or something like rlm_rest and rlm_cache:
>
> It really depends on whether people are actually using the full
> ldap.attrmap, or whether they're just pulling out one or two
> attributes. Each approach is as efficient as the other performance
> wise, so it comes down to which one people prefer.
>
> Any thoughts?
What I'd like to see is the individual modules converging on common
behavior so there is a consistent model.
I suspect a number of the modules were written independently and
contributed, their diverse heritage makes for some awkwardness when
viewing the totality of FreeRADIUS.
If rlm_rest and rlm_cache have attribute models that are elegant and
well thought out then let's move everything to that model. On the other
hand if ulang is conceptually cleaner then lets move rlm_rest and
rlm_cache to a ulang solution. Pick one idea and make everything follow
those rules. Consistency is a virtue and should be a goal of 3.0 IMHO,
it will make using FreeRADIUS easier. A major version upgrade is one of
the very few opportunities available to clean up.
--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeradius-Users
mailing list