totpcgi-handler.pl may be used by the embeded perl interpreter for
FreeRADIUS. To use this make sure that toptcgi-handler.yaml is in
/etc/raddb/ along with the perl script.

Modules required for the script to run are:

IO::Socket::SSL
Net::SSLeay
Net::LDAP
Net::LDAP::Util
LWP::UserAgent
YAML::Syck

The script is aware of it's calling name. If you have a need for
creating multiple vservers in FreeRADIUS and want different filters /
checks for your perl module then all you need to do is symlink this
script and create a correspondingly named yaml file to load the
configuration from.

Users will be validated provided they pass an LDAP user search filter.
It is recommended that you have loaded in the FreeRADIUS LDAP scheme
extensions and use the extra attributes in your filter (see example
config file).

If a groupSearchBase & groupSearch are defined in the configuration file
then the user must be a member of at least 1 of the groups listed in the
filter. NOTE: separate group filters are combined using the | filter
function.

There is a limited number of attributes that are presently mapped back
out of LDAP as we do not use the rlm_ldap attributes file. To extend the
attributes add to the @attrs & %attrib_map definitions.

The current mapping is as follows:

LDAP Attribute		RADIUS AV
==============		=========
radiusGroupName		Class
radiusFramedIPAddress	Framed-IP-Address
radiusFramedIPNetmask	Framed-IP-Netmask
radiusFilterId		Filter-Id
radiusIdleTimeout	Idle-Timeout
radiusServiceType	Service-Type
radiusSessionTimeout	Session-Timeout
