Multi-valued LDAP attribute

Adam Track adamtrack at rocketmail.com
Thu Dec 22 19:31:40 CET 2011


Hi All,

In a continuation to my previous issue about how to reference an LDAP attribute in post-auth, I am now wondering how to iterate through a multi-valued attribute in a perl script I call from post-auth.  In the debug you can see all three values are returned:

...
[ldap] looking for reply items in directory...
  [ldap] personType -> Person-Type = "employee"
  [ldap] personType -> Person-Type = "fulltime"
  [ldap] personType -> Person-Type = "it"
...

The perl module currently has the following code because I can't seem to be able to get any result other than the first, ie "employee", and I really need the other two (possibly more) to do a proper VLAN assignment:
 
while (($att,$val) = each(%RAD_REPLY)){
                if ($att =~ 'Person-Type'){
                        $count++;
                        if ($count == 1){
                                $one = $val;
                        } else {
                                $two = $val;
                        }
                }
        }
        $RAD_REPLY{'Reply-Message'} = "Total: $count, first: $one, second: $two.";

The results are:

...
   Reply-Message = "Total: 1, first: employee, second: ."
...

I'm no perl expert, but shouldn't I be able to reference all three values with $RAD_REPLY{'Person-Type'}? If not, where are the other values being stored?   I read from the archives that this can be done with 3.X and foreach using unlang, but I'm stuck with 2.1.10 at the moment.  Or, do multi-valued attributes need to be defined another way?

Thanks,

A.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111222/15bf6c06/attachment.html>


More information about the Freeradius-Users mailing list