rlm_perl to authenticate against data in ldap

Alan DeKok aland at deployingradius.com
Thu May 14 09:56:52 CEST 2009


Vincent Arniego wrote:
> I browsed the mailing list for possible solutions to the problem I have, but unfortunately I didn't find any (or I missed something, I dunno).
> 
> We have this Cisco ISG 7301 router that we are using that is passing the Remote-ID AV pair as its User-Name (just a copy, not that it matters).
> Now, the Remote-ID format is ASCII in format but hexadecimal in meaning: 0000079d010100660000000000000000000050544e55544147303033000705000064
> 
> We would only want to authenticate the part after the 20 zeroes, "50544e55544147303033000705000064". By the way, the length before this substring is always fixed (18 bytes), so we only want the part after 18 bytes.

  What does that mean?  "we want to authenticate the part...".  What
kind of authentication?  How?

> Is it possible to parse this string in Perl and then pass the resulting string to LDAP for authentication? Or will we use LDAP inside rlm_perl?

  First, define what you want to do.  Do you want to treat that string
as a user id in LDAP, and do uid lookups based on it, or.... do you want
to do something else?

> Just to add, we also want to check the first 4 bytes (0000079d); if it is not in this format, we'll treat the user-id as a whole.

  FreeRADIUS supports regular expressions, and can easily do that kind
of check.

  Alan DeKok.
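
Added example, not part of the original thread and not FreeRADIUS code: a stand-alone Perl sketch of the check discussed above, which strips the fixed 18-byte prefix only when the User-Name starts with 0000079d and is entirely hex, and escapes the result before it is placed in an LDAP filter. It assumes the goal is a uid lookup on the stripped value; the sub names lookup_id, ldap_escape and uid_filter are hypothetical, and treating a too-short Remote-ID as a plain User-Name is this example's choice.

```perl
#!/usr/bin/perl
# Added example; sub names and the uid attribute are assumptions.
use strict;
use warnings;

my $MARKER     = '0000079d';   # first 4 bytes, as given in the post
my $PREFIX_HEX = 2 * 18;       # fixed 18-byte prefix = 36 hex digits

# Pick the string to look up: the part after the fixed prefix when the
# User-Name is a well-formed Remote-ID, otherwise the whole User-Name.
sub lookup_id {
    my ($user_name) = @_;
    my $rest = $PREFIX_HEX - length $MARKER;   # prefix digits after the marker
    # Anchored with \A and \z so nothing but hex digits can ride along.
    if ($user_name =~ /\A\Q$MARKER\E[0-9a-f]{$rest}([0-9a-f]+)\z/i) {
        return $1;
    }
    return $user_name;
}

# Escape the RFC 4515 special characters before the value goes into a
# search filter; the fallback branch passes the User-Name through unchanged.
sub ldap_escape {
    my ($value) = @_;
    $value =~ s/([\\*()\x00])/sprintf('\\%02x', ord $1)/ge;
    return $value;
}

# Build the search filter for a uid lookup (attribute name is an assumption).
sub uid_filter {
    my ($user_name) = @_;
    return '(uid=' . ldap_escape(lookup_id($user_name)) . ')';
}

# Constructed inputs: the first is assembled from the values in the post.
my @samples = (
    '0000079d' . '01010066' . ('0' x 20) . '50544e55544147303033000705000064',
    'alice',           # no marker: used whole
    '0000079d0101',    # marker but too short: used whole
    'bob)(uid=*',      # filter metacharacters: escaped
);
printf "%-70s -> %s\n", $_, uid_filter($_) for @samples;
```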


