Fallback LDAP Attribute Value

Ivan Kalik tnt at kalik.net
Tue Jul 7 15:29:05 CEST 2009


> I have the following line in my ldap.attrmap file to pull back a user's
> VLAN assignment:
>
>> replyItem	Tunnel-Private-Group-ID	destinationIndicator
>
> The users file contains the following:
>
>> DEFAULT Ldap-Group == "allowed-access"
>> 	Service-Type = Framed-User,
>> 	Tunnel-Type = "VLAN",
>> 	Tunnel-Medium-Type = "IEEE-802"
>
> For the users which are in the "allowed-access" group, those which have a
> value in the destinationIndicator attribute in LDAP work OK and are
> flipped into the appropriate VLAN. How do I specify a fallback so that
> if the user does not have this attribute set or it is empty then they
> are put into VLAN 666, for example?

Use unlang. Put something like this in post-auth:

if(reply:Tunnel-Private-Group-ID == "") {
     update reply {
          Tunnel-Private-Group-ID = "666"
     }
}

Ivan Kalik
Kalik Informatika ISP
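
An added example (not part of the original post, and not FreeRADIUS project code): the same post-auth fallback written in FreeRADIUS 3.x unlang syntax, which is an assumption since the thread does not state a server version. It tests for a missing attribute as well as an empty one, the two cases raised in the question.

```unlang
# Added example; assumes FreeRADIUS 3.x syntax (&-prefixed attribute references).
# Goes in the post-auth section of the virtual server handling these requests.
post-auth {
	# Case 1: the LDAP mapping produced no Tunnel-Private-Group-ID at all,
	#         so the attribute is absent from the reply list.
	# Case 2: the attribute is present but holds an empty string.
	if (!&reply:Tunnel-Private-Group-ID || (&reply:Tunnel-Private-Group-ID == "")) {
		update reply {
			# ":=" replaces any existing (empty) value rather than
			# appending a second instance of the attribute.
			Tunnel-Private-Group-ID := "666"
		}
	}
}
```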
