"Conditional" LDAP Profile



Using 1.1.6 out of FreeBSD ports (no 1.1.7 yet).

Looking to use LDAP-stored attributes conditionally based on hints:

I start here in hints:

     DEFAULT Prefix == "static:", Strip-User-Name = Yes
             Hint = "STATIC",
             Service-Type = Framed-User,
             Framed-Protocol = PPP

     DEFAULT
             Service-Type = Framed-User,
             Framed-Protocol = PPP

That works fine.  Then we go to users:

     DEFAULT Auth-Type = LDAP
             Fall-Through = 1

     DEFAULT Service-Type == Framed-User
             Framed-IP-Address = 255.255.255.254,
             Framed-MTU = 576,
             Service-Type = Framed-User,
             Fall-Through = Yes

     DEFAULT Framed-Protocol == PPP
             Framed-Protocol = PPP,
             Framed-Compression = Van-Jacobson-TCP-IP,
             Fall-Through = Yes

     DEFAULT Hint == "STATIC", User-Profile := "uid=%u,ou=dialup,ou=radius,domain=example.com,dc=example,dc=com"
             Reply-Message = "%u"

It appears that my User-Profile := `DN` does not go through radius_xlat and my %u variable in the check item is never expanded. Is this expected behavior?

If I hard-code the DN with the user-name instead of %u it works great, but won't solve my problem.

I got the idea from the rlm_ldap doc:

    ...it can be set through the hints file in the authorize section:

    DEFAULT Ldap-UserDN := "uid=%{User-Name},ou=people,dc=company,dc=com"

Any thoughts or guidance or clarity on LDAP profile usage appreciated.
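As an added illustration (not code from the post or from FreeRADIUS), a small Python model of the hints and users entries above. It reproduces the behaviour the post reports: `%u` stays literal in the User-Profile check item and is expanded only in the reply item. The matching rules (prefix stripping, `==` compare, `:=`/`=` assignment, Fall-Through) are simplified assumptions, not the server's implementation.

```python
# Constructed model of the post's hints -> users pass (added example, not
# FreeRADIUS code). Matching and expansion rules are simplifications.

def apply_hints(request):
    """Model of the hints file: strip the static: prefix, set Hint, and add
    Service-Type / Framed-Protocol to the request."""
    name = request["User-Name"]
    if name.startswith("static:"):           # Prefix == "static:", Strip-User-Name
        request["User-Name"] = name[len("static:"):]
        request["Hint"] = "STATIC"
    request.setdefault("Service-Type", "Framed-User")
    request.setdefault("Framed-Protocol", "PPP")
    return request

USERS = [  # (check items as (attr, op, value), reply items) -- from the post
    ([("Auth-Type", "=", "LDAP")], {"Fall-Through": "1"}),
    ([("Service-Type", "==", "Framed-User")],
     {"Framed-IP-Address": "255.255.255.254", "Framed-MTU": "576",
      "Service-Type": "Framed-User", "Fall-Through": "Yes"}),
    ([("Framed-Protocol", "==", "PPP")],
     {"Framed-Protocol": "PPP", "Framed-Compression": "Van-Jacobson-TCP-IP",
      "Fall-Through": "Yes"}),
    ([("Hint", "==", "STATIC"),
      ("User-Profile", ":=",
       "uid=%u,ou=dialup,ou=radius,domain=example.com,dc=example,dc=com")],
     {"Reply-Message": "%u"}),
]

def process_users(request, entries=USERS):
    """Return (control items, reply items). Check items are compared or
    assigned literally; only reply items get %u expanded (the behaviour
    observed in the post)."""
    control, reply = {}, {}
    for check, reply_items in entries:
        if not all(request.get(a) == v for a, op, v in check if op == "=="):
            continue                          # entry does not match
        for attr, op, value in check:         # assignment check items, no xlat
            if op == ":=" or (op == "=" and attr not in control):
                control[attr] = value
        for attr, value in reply_items.items():
            reply[attr] = value.replace("%u", request["User-Name"])
        if reply.pop("Fall-Through", "no").lower() not in ("1", "yes"):
            break                             # no Fall-Through: stop here
    return control, reply

def run(user_name):
    """Full pass for one User-Name, e.g. run("static:alice")."""
    return process_users(apply_hints({"User-Name": user_name}))
```

With `static:alice` the User-Profile control item keeps the literal `%u` while Reply-Message becomes `alice`; a name without the prefix never reaches the STATIC entry.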
