rlm_ldap and (automagic) xlat

Alan DeKok aland at deployingradius.com
Fri Oct 29 15:46:33 CEST 2010


Sven Hartge wrote:
...
> |         update request {
> |                 GIFB-NetzAccStatus := "%{ldap:ldap:///dc=fh-giessen-friedberg,dc=de?GIFB-NetzAccStatus?sub?uid=%u}"
> |                 GIFB-Status := "%{ldap:ldap:///dc=fh-giessen-friedberg,dc=de?GIFB-Status?sub?uid=%u}"
...
> Now, for my rather simple question: 
> 
> Why can't I just add the following to ldap.attrmap and have the ldap
> module add those two attributes automagically. Why do I have to use two
> separate ldap_xlat queries:
> 
> checkItem       GIFB-NetzAccStatus      GIFB-NetzAccStatus
> checkItem       GIFB-Status             GIFB-Status

  That doesn't seem to be consistent.  "update request" versus "checkItem" ?

> I also tried this with "replyItem" instead of checkItem and also tried
> adding ":=" as the operator, but without the separate ldap_xlat queries both
> RADIUS-Attributes are not available after the normal ldap module ran.
> 
> It seems I am missing some crucial part of information here or just lack the
> understanding of this part of Freeradius.

  The attributes *are* added, to the list that you specified.  If you
want to refer to them in a particular list, see "man unlang".  Referring
to them as "GIFB-NetzAccStatus" means referring to that attribute in the
*request*, not the *control* list, and not the *reply* list.

  Alan DeKok.
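
The reply above as an added configuration sketch (not code from the thread or from the FreeRADIUS project): the `checkItem` mappings from the question place the attributes in the control list, so policy has to name that list explicitly. The virtual-server file name and the status value "active" are assumptions made for illustration.

```unlang
# ldap.attrmap -- the two mappings from the question.
# checkItem entries are added to the control list when the
# ldap module runs in the authorize section.
checkItem       GIFB-NetzAccStatus      GIFB-NetzAccStatus
checkItem       GIFB-Status             GIFB-Status

# sites-enabled/default (assumed location of the authorize section)
authorize {
        ldap

        # An unqualified name refers to the request list, which the
        # attrmap entries above do not populate:
        #
        #     if (GIFB-Status == "active") { ... }
        #
        # Qualify the reference with the list the attribute was added to.
        # "active" is a constructed sample value. The else branch also
        # covers a missing attribute, so the check fails closed.
        if (control:GIFB-Status == "active") {
                ok
        }
        else {
                reject
        }

        # If later policy expects the bare (request list) name, copy the
        # value across once instead of issuing a second LDAP query.
        update request {
                GIFB-NetzAccStatus := "%{control:GIFB-NetzAccStatus}"
        }
}
```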


