Fallback LDAP Attribute Value
Ivan Kalik
tnt at kalik.net
Wed Jul 8 10:55:23 CEST 2009
> On 7/7/09 17:01, Ivan Kalik wrote:
>> Yes.
>>
>> if(((!reply:...) || (reply:... = "")) && Huntgroup-Name = "whatever")
>
> This works for those users that have the attribute set as a fallback
> measure but how do I stop it from returning the attribute when it was
> retrieved from LDAP, again I only want this attribute to be returned
> when the are calling from a particular huntgroup.
>
> So the scenario is - if they are calling from huntgroup "ciscoswitches"
> then we return the attributes either the value from LDAP for the VLAN or
> the fallback value from the post auth, if they are not calling from the
> huntgroup then don't return these attributes.
If I understand you well:
if(Huntgroup-Name == "ciscoswitches") {
if((!reply:...) || (reply:... = "")) {
update reply {
Tunnel-Private-Group-ID = "666"
}
}
}
else {
update reply {
Tunnel-Private-Group-ID -= "%{reply:Tunnel-Private-Group-ID}"
}
}
Extra bit will remove VLAN ID assigned from ldap for those not in
ciscoswitches huntgroup.
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list