are multivalued LDAP-attibutes in authorization for replyItems possible?

Tim Stone tmstn68 at googlemail.com
Fri Feb 20 16:08:07 CET 2009


Hello,

I want to return to the radius client radius attributes from LDAP
(authorization).
I configured the module "LDAP" in radiusd.conf and the authorization in default
site in the authorization section due to uncomment "ldap".
Then i added my attribute mappings in the ldap.attrmap:

replyItem       Session-Timeout              ldapTimeOut
replyItem       Idle-Timeout                    ldapTimeOut
replyItem       Colubris-AVPair               ldapColAvPair

and started the radiusd again. All working well, If a attribute is set in the
LDAP-Account, the radius client is getting this too.

But the ldapColAvPair is a multivalued attribute in LDAP. If I add more then one
Value in LDAP for ldapColAvPair, the radiusd delivers only one (the
first) to the
radius client.

Is this normal or can I configure the radiusd to return all values
from the multivalued
LDAP attribute?

Thanx in advance,

Tim Stone



More information about the Freeradius-Users mailing list