Logging the return code from the ldap authentication to SQL.

Alan DeKok aland at deployingradius.com
Mon Mar 16 16:13:08 CET 2009


Augusto G. Andreollo wrote:
> I have the need to log the return code from the LDAP authentication to
> our database (I'm adding it to the postauth table scheme).

  I wouldn't suggest doing that for EVERY packet.  Why do you think it's
necessary?

> I've already modified the database scheme (ok), the attribute map, to
> create a new attribute called "reason" (ok) and the insert queries (ok).
> All of this is working fine, including the complete authentication, all
> the way thru Access-Accept and Accounting. 
> 
> My problem now is getting the return code into the variable, according
> to the LDAP module results.

  It looks like it's working.  What's the problem?

> (and then it goes on to successfully add the string "rejected" to the
> database. Again, that part is working smoothly).

  So... what's the problem?

> My second attempt was with a switch statement, as follows: 
> 
>         authenticate {
>                 Auth-Type LDAP {
>                         redundant {
>                                 ldap1
>                                 ldap2
>                         }
> 
>                         switch "%{control:rcode}" {

  Umm... there is no "control:rcode" attribute.

> 	expand: %{control:rcode} -> 
> ++- entering switch %{control:rcode} {...}
> +++- entering case  {...}

  See?  No "control:rcode".

> (to save room, I've already tried encasing the case options in quotes,
> as 'rejected', 'ok', etc. That gives me the exact same results. So does
> putting it in double quotes, as "ok", "rejected", etc.)
> 
> So, any ideas?

  Use the first method, not the second.

  Alan DeKok.



More information about the Freeradius-Users mailing list