From: kkalev Date: Sat, 3 Apr 2004 21:35:17 +0000 (+0000) Subject: Add ldap_userdn as a configuration directive. If set we use that for X-Git-Url: https://git.entuzijast.net/?a=commitdiff_plain;h=5f4faf3cca816659d3eb7b44580221574db21a5c;p=freeradius-dialup-admin.git Add ldap_userdn as a configuration directive. If set we use that for user DN's (variables supported) instead of performing and ldap search for each user. That can be somewhat faster. --- diff --git a/Changelog b/Changelog index 3f15eb7..1a7c3be 100644 --- a/Changelog +++ b/Changelog @@ -1,3 +1,8 @@ +Ver 1.70: +* Add the /bin postgresql compatibility patch from Guy Fraser +* Add ldap_userdn as a configuration directive. If set we use that for + user DN's (variables supported) instead of performing and ldap search for + each user. That can be somewhat faster. Ver 1.68: * Huge PostgreSQL compatibility patch by Guy Fraser * Also support the Crypt-Password attribute in lib/sql/password_check.php3. Patch by Guy Fraser @@ -13,7 +18,6 @@ Ver 1.68: sql errors. That can help in case there is one sql query which stops the whole failed logins logging system from working * Sort the servers list in failed_logins,user_stats,stats -* Add the /bin postgresql compatibility patch from Guy Fraser Ver 1.65: * Add a captions.conf file with a few configurable captions for now * Move the nas list to a separate file called naslist.conf diff --git a/conf/admin.conf b/conf/admin.conf index 6fefb56..076274d 100644 --- a/conf/admin.conf +++ b/conf/admin.conf @@ -195,6 +195,12 @@ ldap_regular_profile_attr: dialupregularprofile # ldap_filter: (&(uid=%u)(manager=uid=%U,ou=admins,o=company,c=com)) # #ldap_filter: (uid=%u) +# +# If ldap_userdn is set then we use that for user dns, we don't perform an ldap +# search. This can be somewhat faster. The variables supported for ldap_filter +# are also supported here +# +#ldap_userdn: uid=%u,%{ldap_base} # diff --git a/lib/ldap/user_info.php3 b/lib/ldap/user_info.php3 index 33fe3fb..45116b8 100644 --- a/lib/ldap/user_info.php3 +++ b/lib/ldap/user_info.php3 @@ -30,13 +30,24 @@ if ($config[general_decode_normal_attributes] == 'yes') $ds=@ldap_connect("$config[ldap_server]"); // must be a valid ldap server! if ($ds) { $r=@da_ldap_bind($ds,$config); - if ($config[ldap_filter] != '') - $filter = ldap_xlat($config[ldap_filter],$login,$config); + if ($config[ldap_userdn] == ''){ + if ($config[ldap_filter] != '') + $filter = ldap_xlat($config[ldap_filter],$login,$config); + else + $filter = 'uid=' . $login; + } + else + $filter = ldap_xlat($config[ldap_userdn],$login,$config); + if ($config[ldap_debug] == 'true'){ + if ($config[ldap_userdn] == '') + print "DEBUG(LDAP): Search Query: BASE='$config[ldap_base]',FILTER='$filter'
\n"; + else + print "DEBUG(LDAP): Search Query: BASE='$filter',FILTER='(objectclass=radiusprofile)'
\n"; + } + if ($config[ldap_userdn] == '') + $sr=@ldap_search($ds,"$config[ldap_base]", $filter); else - $filter = 'uid=' . $login; - if ($config[ldap_debug] == 'true') - print "DEBUG(LDAP): Search Query: BASE='$config[ldap_base]',FILTER='$filter'
\n"; - $sr=@ldap_search($ds,"$config[ldap_base]", $filter); + $sr=@ldap_read($ds,$filter, '(objectclass=radiusprofile)'); $info = @ldap_get_entries($ds, $sr); $dn = $info[0]['dn']; if ($dn == '')