LDAP Accounting
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Tue Dec 11 15:26:45 CET 2012
On 11 Dec 2012, at 14:15, Olivier Beytrison <olivier at heliosnet.org> wrote:
> On 11.12.2012 13:40, Arran Cudbard-Bell wrote:
>>>
>>>
>>>> with roomNumber := "User %{%{Stripped-User-Name}:-%{User-Name}} logged
>>>> in at %S"
>>>>
>>>
>>> The main thing is we have a way of doing it, even if it's a little ugly.
>>
>> Actually, it looks like you can do a wildcard delete if you pass a 0 length value array.
>>
>> Could you try
>>
>> update {
>>     <attribute> -= ANY
>> }
>>
>> Bare ANY keyword being magic.
>
> Works very well [1] :) Thx!
>
> and one more thing that would be nice to have. If something goes wrong
> with those ldap modifications, we should be able to choose if the user
> is rejected or not. like
>
> post-auth {
>     update {
>         <attr> <op> <val>
>     }
>     error = reject/noop
> }
You can do that already with rcode overrides.

ldap {
    fail = 1
}
if (fail) {
    ok
}
>
> and for the := set operator on multi-valued ldap attribute, we could
> implement something like <attr> := <old-value>:<new-value>.
> But that's pushing things too far in my opinion ...
Oh is that why it replaces everything?
Do you know how to represent that in the mods struct?
>
> thanks for your work Arran!
> Olivier
Np.
Thanks again for testing!
-Arran