Set reply attributes based on LDAP attribute

aidanr aidan at uq.edu.au
Mon Dec 5 03:24:22 CET 2011


Hi,

I am trying to configure freeradius 2.1.12 to set the
'Tunnel-Private-Group-Id' attribute based on a value retrieved from LDAP.

I have pulled the variable form LDAP and am storing it as a local Radius
variable called 'Person-OrgUnit'.  In the users file I am trying to check
it's value and set other attributes based on its value.

example:

DEFAULT Person-OrgUnit == "1122"
       Tunnel-Type             = VLAN,
       Tunnel-Medium-Type      = 802,
       Tunnel-Private-Group-ID = 1111

>From what I can see in the freeradius debug mode, is its being skipped
completely.  My old configuration which used the Ldap-Group attribute works
correctly, but I need to change over to this other attribute due to an
internal issue.  An example of the old configuration is below:

DEFAULT ldap_central-Ldap-Group == "Hosted"
       Tunnel-Type             = VLAN,
       Tunnel-Medium-Type      = 802,
       Tunnel-Private-Group-ID = 1107

I have looked at using rlm_checkval but I am seeing 

'rlm_checkval: Could not find item named Person-OrgUnit in request' 

in the logs.  I do not think this module is designed to do what I want.

--

What is the best way for me to check this radius CheckItem variable and
based on its value, set additional attributes?

Thank you,

--
View this message in context: http://freeradius.1045715.n5.nabble.com/Set-reply-attributes-based-on-LDAP-attribute-tp5047676p5047676.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.



More information about the Freeradius-Users mailing list