Dynamic Vlan Allocation based on LDAP Attribute Value
tnt at kalik.net
tnt at kalik.net
Tue Feb 17 01:04:04 CET 2009
>>>Am I correct in saying that the LDAP-attribute that is mapped to
>>>Tunnel-Private-Group-ID would need to be set to the value of the the
>>>VLAN I require? The LDAP-attribute that I wish to use curently
>>>contains values like "ITISCP" and "ENISCP". I want to say if
>>>attribute value == ITISCP set vlan to 226 (ie Tunnel-Private-Group-ID
>>>= 226). Using ldap.attrmap mappings I would need to store the
>>>required vlan in a LDAP attribute. (I can't change the LDAP only read
>>>it).
>>>
>>
>> No. You can define your own attribute (let's say VLAN-Flag) in
>> raddb/dictionary and use unlang in authorize section to test and set
>> tunnel attributes.
>
>Thanks Ivan,
>
>I've configured a dictionary value "userORGUNIT" and added a
>ldap.attrmap mapping. I've tried to perform a comparison operation
>on the value of userORGUNIT in the config file: users.
>
>i.e DEFAULT userORGUNIT == "HR"
> Tunnel-Private-Group-Id = "226"
>
>But this does not match, even though debug shows "rlm_ldap: Adding
>userORGUNIT as userORGUNIT, value HR & op=21"
>
>Is this the correct location for these comparison operations? There
>are around 50 userORGUNIT''s that I need to compare against.
>
Files are normally listed before ldap in authorize. Use unlang switch
command *after* ldap entry. Or list files after ldap if you are using an
old version.
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list