Returning Filter-Id based on LDAP group
Cornelius Kölbel
cornelius.koelbel at lsexperts.de
Mon Feb 6 16:53:10 CET 2012
Hello list,
I'd like to set the Filter-Id in the response based on an LDAP group.
authorize {
....
if ( Ldap-Group =~ /CN=group1,ou=groups,dc=company,dc=com/ ) {
update control {
Tmp-String-1 := "group1"
}
....
}
post-auth {
....
update reply {
Filter-Id := "%{control:Tmp-String-1}"
}
}
This works like a charme!
As I got a lot of groups, I'd like to do some pattern matching...
if ( Ldap-Group =~ /CN=(xyz),ou=groups,dc=company,dc=com/ ) {
update control {
Tmp-String-1 := "%{1}"
}
... but it seems that the ldap_groupcmp does not support pattern matching?
Am I right or does anybody has another idea?
Thanks a lot and kind regards
Cornelius
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120206/e42a2ba8/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120206/e42a2ba8/attachment.pgp>
More information about the Freeradius-Users
mailing list