
Unscripted LDAP Searches

Scripting is not required for basic applications of LDAP authentication. In unscripted configurations, search parameters such as base Distinguished Names (DNs), filter strings, and attribute maps are configured in the ldapauth.aut file. Using the OnFound and OnNotFound settings of the [Search/name] sections, you can configure a decision tree in which the result of one LDAP query (Found or Not Found) determines whether another query is executed or the final authentication decision is returned to Steel-Belted Radius Carrier. The basic query tree provides sufficient control to meet the needs of many LDAP authentication applications. Figure 277 shows a sample query tree using unscripted branching.

Figure 277: Query Tree with Unscripted Branching
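
The following is an added example, not Juniper's code and not taken from the product documentation. It audits an unscripted query tree by following the OnFound and OnNotFound settings of each [Search/name] section and reporting any branch that never reaches a final authentication decision. The ACCEPT/REJECT terminal markers, the search names, and the choice to flag an unset branch are assumptions of this example; the page does not state the product's terminal values or defaults.

```python
import configparser

TERMINALS = {"ACCEPT", "REJECT"}  # assumed markers for a final decision

# Constructed sample; only [Search/name], OnFound and OnNotFound come from the page.
SAMPLE = """
[Search/ByUid]
OnFound = CheckGroup
OnNotFound = ByMail
[Search/ByMail]
OnFound = CheckGroup
OnNotFound = REJECT
[Search/CheckGroup]
OnFound = ACCEPT
OnNotFound = REJECT
"""

def load_tree(text):
    """Map each search name to its (OnFound, OnNotFound) targets."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case as written
    cp.read_string(text)
    return {s[len("Search/"):]: (cp[s].get("OnFound"), cp[s].get("OnNotFound"))
            for s in cp.sections() if s.startswith("Search/")}

def audit(tree, start):
    """List branches that never reach a decision: unset, undefined, or looping."""
    problems = set()
    def walk(name, path):
        if name is None:
            problems.add(f"{path[-1]}: branch has no target")
        elif name in TERMINALS:
            return
        elif name not in tree:
            problems.add(f"undefined search: {name}")
        elif name in path:
            problems.add("cycle: " + " -> ".join(path + [name]))
        else:
            for target in tree[name]:
                walk(target, path + [name])
    walk(start, [])
    return sorted(problems)

def decide(tree, start, found):
    """Trace one request; found maps search name -> True (Found) / False."""
    name, trace = start, []
    while name not in TERMINALS:
        if name in trace:
            raise ValueError("query tree loops at " + name)
        trace.append(name)
        name = tree[name][0 if found[name] else 1]
    return name, trace
```

Run `audit` on the tree before tracing requests with `decide`; an empty list means every Found/Not Found path ends in an explicit decision.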

Figure 278 shows the data flow involved in a scripted query. Instead of following a rigid branch structure, the request is processed according to the logic of the LDAP script, which might be arbitrarily complex. The script executes one or more LDAP queries, computes intermediate results from the return values, updates the LDAP variable table, and possibly executes additional queries against the LDAP server. Once the script has completed processing the request and made an authentication decision, it returns a result code to the plug-in.

Figure 278: Scripted Query Data Flow


Modified: 2017-03-07