feature request: ldap enhancements

Arran Cudbard-Bell a.cudbardb at freeradius.org
Mon Jan 13 22:34:00 CET 2014


> 
> To search for the NAS you probably want to use shortname, and you'll need to make sure that's unique.
> 
>        user {
>                #   Where to start searching in the tree for users
>                base_dn = "${..base_dn}"
> 
>                #  Filter for user objects, should be specific enough
>                #  to identify a single user object.
>                filter = "(&(radiusClientShortname=%{client:shortname})(objectclass=radiusClient))"
> 		
> 		...
> 	}
> 
> IIRC the current client xlat doesn't let you retrieve ID, and you can't use IP addresses if you're using ranges because the LDAP server won't have operators for comparing IPs/ranges.

And before you complain about how horribly inefficient it is, remember you can cache group memberships :)

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140113/28cd13ad/attachment.pgp>


More information about the Freeradius-Users mailing list