
Unscripted LDAP Searches

 

Scripting is not required for basic applications of LDAP authentication. In unscripted configurations, search parameters such as base Distinguished Names (DNs), filter strings, and attribute maps are configured in the ldapauth.aut file. Using the OnFound and OnNotFound settings of the [Search/name] sections, you can configure a decision tree in which the result of one LDAP query (Found or Not Found) determines whether another query is executed or the final authentication decision is returned to Steel-Belted Radius Carrier. The basic query tree provides sufficient control to meet the needs of many LDAP authentication applications. Figure 278 shows a sample query tree using unscripted branching.

Figure 278: Query Tree with Unscripted Branching
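The OnFound/OnNotFound branching described above can be modelled as a small graph and checked for dangling targets, loops, and unreachable searches before it is deployed. This is an added example, not code or configuration from Steel-Belted Radius Carrier; the search names, the dictionary layout, and the rule that a branch naming no further search returns accept on Found and reject on Not Found are assumptions made for illustration.

```python
ACCEPT, REJECT = "accept", "reject"

# Constructed sample tree: each entry stands for one [Search/name] section.
TREE = {
    "FindEmployee":   {"OnFound": "CheckVpnGroup", "OnNotFound": "FindContractor"},
    "FindContractor": {"OnFound": "CheckVpnGroup", "OnNotFound": None},
    "CheckVpnGroup":  {"OnFound": None, "OnNotFound": None},
}

def validate(tree, start):
    """Return a list of configuration problems in the branch graph."""
    if start not in tree:
        return [f"start search {start!r} is not defined"]
    problems = []
    for name, branches in tree.items():
        for key in ("OnFound", "OnNotFound"):
            target = branches.get(key)
            if target is not None and target not in tree:
                problems.append(f"{name}.{key} -> undefined search {target!r}")
    state = {}  # name -> "open" (on the current path) or "done"
    def walk(name):
        state[name] = "open"
        for key in ("OnFound", "OnNotFound"):
            target = tree[name].get(key)
            if target not in tree:          # no next search, or dangling
                continue
            if state.get(target) == "open":  # branch points back up the path
                problems.append(f"cycle: {name}.{key} -> {target}")
            elif target not in state:
                walk(target)
        state[name] = "done"
    walk(start)
    problems += [f"unreachable search {n!r}" for n in tree if n not in state]
    return problems

def evaluate(tree, start, outcomes):
    """Trace one request; outcomes maps search name -> True if the query finds an entry."""
    path, name = [], start
    while name is not None:
        if name in path:                     # defensive: validate() should catch this
            raise ValueError(f"loop at {name!r}")
        path.append(name)
        found = outcomes.get(name, False)    # a search with no outcome counts as Not Found
        nxt = tree[name].get("OnFound" if found else "OnNotFound")
        if nxt is None:                      # assumed terminal rule, see lead-in
            return (ACCEPT if found else REJECT), path
        name = nxt
```

Run `validate` first; `evaluate` then shows which searches a given request would pass through and the decision it ends on.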

Figure 279 shows the data flow involved in a scripted query. Instead of following a rigid branch structure, the request is processed according to the logic of the LDAP script, which might be arbitrarily complex. The script executes one or more LDAP queries, computes intermediate results from the return values, updates the LDAP variable table, and possibly executes additional queries against the LDAP server. Once the script has completed processing the request and made an authentication decision, it returns a result code to the plug-in.

Figure 279: Scripted Query Data Flow