feature request: ldap enhancements
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Mon Jan 13 22:34:00 CET 2014
>
> To search for the NAS you probably want to use shortname, and you'll need to make sure that's unique.
>
> user {
> # Where to start searching in the tree for users
> base_dn = "${..base_dn}"
>
> # Filter for user objects, should be specific enough
> # to identify a single user object.
> filter = "(&(radiusClientShortname=%{client:shortname})(objectclass=radiusClient))"
>
> ...
> }
>
> IIRC the current client xlat doesn't let you retrieve ID, and you can't use IP addresses if you're using ranges because the LDAP server won't have operators for comparing IPs/ranges.
And before you complain about how horribly inefficient it is, remember you can cache group memberships :)
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140113/28cd13ad/attachment.pgp>
More information about the Freeradius-Users
mailing list