Set reply attributes based on LDAP attribute
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Mon Dec 5 10:57:27 CET 2011
Hi,
> I am trying to configure freeradius 2.1.12 to set the
> 'Tunnel-Private-Group-Id' attribute based on a value retrieved from LDAP.
use unlang - either completely to do the work...or to populate
the packet so that other modules can use it e.g.
    if (Person-OrgUnit) {
        update request {
            Person-OrgUnit := "%{Person-OrgUnit}"
        }
    }
or somesuch...in the authorize section straight after your LDAP
call. this would assume you've added such a local name to the dictionary...
there are a few local/non-reserved variables you can use..
- I'd personally use unlang or Perl to just do the work directly
as then you don't need to play with dictionaries etc. e.g.
    if ("%{Person-OrgUnit}" == "1122") {
        update reply {
            Tunnel-Type = "VLAN"
            Tunnel-Medium-Type = "IEEE-802"
            Tunnel-Private-Group-ID = "1111"
        }
    }
do this in e.g. the post-auth section of the server

don't take my unlang as verbatim...it's quickly typed out as a rough
pointer...your mileage and requirements may vary ;-)
alan
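
The approach described in the message above, written out as a fuller FreeRADIUS 2.x configuration sketch; this is an added example, not part of the original post. It assumes the LDAP attribute is called `ou`, that the local attribute number 3000 is free, and that `reject` is the `always` instance from the stock `raddb/modules/always`; the values 1122 and 1111 are the ones used in the post. Unmapped users are refused rather than left to the NAS default VLAN.

```unlang
# --- raddb/dictionary ---------------------------------------------------
# Local attribute, never sent on the wire. The number 3000 is an
# assumption: pick any unused number in the local range.
ATTRIBUTE	Person-OrgUnit		3000	string

# --- raddb/ldap.attrmap --------------------------------------------------
# Copy the LDAP attribute into the control (check) list when the ldap
# module runs in authorize. "ou" is an assumed LDAP attribute name.
checkItem	Person-OrgUnit		ou

# --- raddb/sites-available/default (inside the existing post-auth) -------
post-auth {
	# checkItem values land in the control list, hence the "control:" prefix.
	switch "%{control:Person-OrgUnit}" {
		case "1122" {
			update reply {
				Tunnel-Type := VLAN
				Tunnel-Medium-Type := IEEE-802
				Tunnel-Private-Group-Id := "1111"
			}
		}
		case {
			# Attribute missing or no mapping for this value: fail closed
			# so the port is not placed on the switch's default VLAN.
			reject
		}
	}
}
```

Running `radiusd -X` and checking the Access-Accept for the three Tunnel attributes confirms the mapping before any switch port relies on it.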