AW: FreeRADIUS 3 LDAP Questions

Hachmer, Tobias Tobias.Hachmer at stadt-frankfurt.de
Tue Nov 26 17:27:04 CET 2013


Hello Arran,
________________________________________
From: freeradius-users-bounces+tobias.hachmer=stadt-frankfurt.de at lists.freeradius.org [freeradius-users-bounces+tobias.hachmer=stadt-frankfurt.de at lists.freeradius.org] on behalf of Arran Cudbard-Bell [a.cudbardb at freeradius.org]
Sent: Tuesday, 26 November 2013 13:58
To: FreeRadius users mailing list
Subject: Re: FreeRADIUS 3 LDAP Questions

>> Yeah, in my tests I recognized there are problems with some operators, like:
>> (0) ERROR: ldap : Invalid list qualifier "Aruba-User-Role :"
>> (0) WARNING: ldap : Failed parsing 'radiusReplyItem' value "Aruba-User-Role := "root"" as valuepair, skipping...
> Hm. That should be fixed, it shouldn't *require* list qualifiers. I'll take a look.

OK, will you take care of this issue, or do I have to create an issue on GitHub?

>> checkItem        $GENERIC$                        radiusCheckItem
>> replyItem        $GENERIC$                        radiusReplyItem
>> This is very important. I don't want to define a ldap attribute for each VSA.
> All check items should be modified to include the 'control:' list qualifier, all replyItems should be modified to include the 'reply:' list qualifier.
> All generic RADIUS attributes should be stored in the same LDAP attribute.
> Slight correction to what I said earlier, you can actually use any list qualifier that you'd use in an update section. I think it even takes request qualifiers (outer.) too.

Ahh, I think I have got it now. The list qualifier has to be part of the LDAP attribute value. Well, this is quite good. For this it might be useful to get rid of the LDAP attributes "radiusCheckItem" and "radiusReplyItem" in order to use a new one, e.g. "radiusGenericItem", in the FreeRADIUS LDAP schema.
Thanks for the clarification, Arran!

Regards,
Tobias Hachmer

