Fallback LDAP Attribute Value

Steven Carr steven.carr at sunderland.ac.uk
Wed Jul 8 17:12:59 CEST 2009


On 8/7/09 15:07, Alan DeKok wrote:
>   You can map that VLAN number to a server-side attribute.  Then, copy
> it to the correct tunnel attribute when you want.
> 
>   e.g. map it to Tmp-String-0, (ldap.attrmap), and then do:
> 
> 
> 	if (... i want to send vlan) {
> 		update reply {
> 			Tunnel-Private-Group-Id = "%{Tmp-String-0}"
> 			...
> 		}
> 	}

OK getting closer...

ldap.attrmap contains:
replyItem	Tmp-String-0			destinationindicator

post-auth section contains:
	if ((!reply:Tmp-String-0) || (reply:Tmp-String-0 == "")) {
    	update reply {
    		Tunnel-Private-Group-Id = "666"
    	}
    }
    else {
    	update reply {
    		Tunnel-Private-Group-Id = "%{Tmp-String-0}"
    	}
    }

debug output shows:
++? if ((!reply:Tmp-String-0) || (reply:Tmp-String-0 == ""))
?? Evaluating !(reply:Tmp-String-0) -> TRUE
?? Evaluating (reply:Tmp-String-0 == "") -> FALSE
++? if ((!reply:Tmp-String-0) || (reply:Tmp-String-0 == "")) -> FALSE
++- entering else else
	expand: %{Tmp-String-0} ->

So Tmp-String-0 supposedly is there, and isn't empty, but I cant get the
data out of it.

In the packet back it is set to:
    Tunnel-Private-Group-Id:0 = ""

What am I missing?

Steve

-- 
Steven Carr
Systems Development Officer
SLS/ITS/Systems - (0191) 515 3953

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 257 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090708/c2efdb46/attachment.pgp>


More information about the Freeradius-Users mailing list