These messages will be visible in radius.log as aditional information in
"Login incorrect" and "Invalid user" log messages.
+LDAP XLAT:
+The ldap module now supports LDAP URLs in xlat strings. That is you can now
+add LDAP URLs in the configuration options and hopefully shortly also in the
+users file. The strings will be of the following form:
+
+%{ldap:ldap:///dc=company,dc=com?uid?sub?uid=%u}
+
+The requested attributes list MUST contain only ONE attribute. In case this attribute
+is multi valued which value is returned is considered UNDEFINED.
+Also, adding the host:port information SHOULD be avoided unless there are more than one
+ldap module instances in which case the host,port information can be used to distinguish
+which module will actually return the information (the xlat function will return NULL if
+the host,port information does not correspond to the configured attributes).
+
+
DIRECTORY COMPATIBILITY NOTE:
If you use LDAP only for authorization and authentication (e.g. you can not
afford schema extention), I propose to set all necessary attributes in
* %{ldap:ldap:///dc=company,dc=com?cn?sub?uid=user}
* Nov 2001, Gordon Tetlow <gordont@gnf.org>
* - Do an xlat on the access_group attribute.
+ * Dec 2001, Kostas Kalevras <kkalev@noc.ntua.gr>
+ * - Added ldap caching for the default/regular profiles and group entries.
+ * - Fixed a memory leak in ldap_xlat.
+ * - Removed dict_attrbyname from ldap_pairget. They are not needed.
+ * - Moved the radius_xlat's for filter and basedn in ldap_authenticate() to
+ * the right place.
+ * - Made the module thread safe. We create a connection pool and each thread
+ * will call ldap_get_conn to lock one of the ldap connections and release with
+ * a call to ldap_release_conn when it has finished.
+ * - Request only the user attributes that interest us (radius attributes,regular
+ * profile,user password and access attribute).
*/
static const char rcsid[] = "$Id$";
projects / freeradius.git / commitdiff