[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Radius and ldap



On Tue, 21 Dec 1999, Tom Helmer Jensen wrote:

> I have made a patch to Lucent's radius-server (v2.1) so it can use ldap
> authentication.
> 
> I believe it's unique in that way that each user has a field 'ppp' in
> LDAP that defines the users ppp-profile. Eg. we have profiles 'NO_PPP',
> 'STD_PPP' and 'IPX_PP' in our setup.
> 
> Does anyone know of any ither way to do this?
> 
> If anyone is interested i can send the patches.

Is there not scope for doing this "from the other end"?  That is, to allow
openldap to respond to radius requests.  That way, it could work with any
radius client, whether Open Source or commercial.

Sun's "Directory Services 3.1" LDAP (bundled with Solaris 7) takes this
approach.  Indeed it goes a step further and also responds to NIS
requests.  That is, viewed from the outside, it is not only an LDAP server
but also a radius and a NIS server.  The downside?  I believe they charge
a licensing fee above a certain number of entries in the database. 

For example:  our site uses openldap, tacacs and NIS:  if openldap
supported tacacs (or radius) and NIS, we would strongly consider migrating
everything to openldap, and it would also give us some benefit over and
above that mentioned. 

Just a thought...

-- 

:  David Lee                                I.T. Service          :
:  Systems Programmer                       Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/~dcl0tdl            South Road            :
:                                           Durham                :
:  Phone: +44 191 374 2882                  U.K.                  :