Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

LDAP Basics

 

Many companies use Lightweight Directory Access Protocol (LDAP) directory servers to store user authentication and authorization information. Steel-Belted Radius Carrier can process authentication requests against records stored in one or more external LDAP databases.

LDAP scripting is used when more sophisticated decision logic or attribute manipulation is required than can be implemented using unscripted searches. Incorporating JavaScript into the Steel-Belted Radius Carrier ldapauth.aut file gives you much greater flexibility in the processing of LDAP authentication queries. Scripted authentication enables a level of control comparable to SQL stored procedures.

For example, LDAP scripts can combine data from several LDAP queries and analyze the results to determine which query to invoke next. LDAP scripts can evaluate loops and complicated if-then-else logic, build up RADIUS attribute value strings from scratch, and write status messages to the Steel-Belted Radius Carrier log.

Note

LDAP scripting does not support DataAccessors(). There is no way to use a data accessor to query a SQL database from within the LDAP authentication plug-in, so trying to execute DataAccessor() from an LDAP script causes a runtime exception.