Policy construct for string "concatenation"

Ray Scholl ray.scholl at security7.net
Sat Oct 15 13:14:43 CEST 2011

Good morning:

So, I took all of your advice - example constructs, suggestion to do a little testing etc. I built a duplicate server and my question still remain.

The construct I have -

                  if ( clients_ldap-Ldap-Group == "%{FreeRadius-Client-Shortname}%{'otp'}"  ) {

My intention is to see if the active directory security group 'xyzotp' from the attribute on the left matched the content of the short name variable 'xyz' after adding/concatenating 'otp'.  When I tested, as suggested, any time the token was in the group it evaluated true NO MATTER what the group name really was.

If this isn't clear enough I will be very concise in my configuration and goals - just looking for a solution to wrap this up once and for all.



-----Original Message-----
From: freeradius-users-bounces+ray.scholl=security7.net at lists.freeradius.org [mailto:freeradius-users-bounces+ray.scholl=security7.net at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Thursday, October 13, 2011 9:54 PM
To: FreeRadius users mailing list
Subject: Re: Policy construct for string "concatenation"

Ray Scholl wrote:
> You refer to them as variables – so I am assuming it cannot be a 
> constant?  I must declare a variable and assign ‘otp’?

  They're just strings.  If you've done any kind of computer programming, string expansion should be familiar.

  (1) take the string "..."
  (2) Expand everything which looks like %{NAME}
  (3) leave everything else alone.

  "Hello, my name is %{User-Name}"


  "Hello, my name is bob"

  Again like most computer programming, it would have been faster for you to *try* a few things for yourself.  That way you learn by experience, rather than waiting for someone to get around to answering the posts on the list.

  Alan DeKok.
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list