multi-valued ldap-group attributes in rlm_cache
Zenon Mousmoulas
zmousm at noc.grnet.gr
Mon Aug 4 15:33:18 CEST 2014
On 2014-08-02 15:58, Arran Cudbard-Bell wrote:
>>
>> I can see rlm_ldap populate control:Ldap-Group:
>>
>> Sat Aug 2 12:12:55 2014 : Debug: Added control:ldap_xyz-Ldap-Group
>> with value "abc"
>> Sat Aug 2 12:12:55 2014 : Debug: Added control:ldap_xyz-Ldap-Group
>> with value "def"
>> [...]
>>
>> But it looks like rlm_cache only caches the first value:
>>
>> Sat Aug 2 12:12:56 2014 : Debug: (4) cache_xyz : Adding to cache
>> entry:
>> Sat Aug 2 12:12:56 2014 : Debug: (4) cache_xyz :
>> control:ldap_xyz-Ldap-Group += &ldap_xyz-Ldap-Group -> 'abc'
>>
>> And the next cache lookup only shows the first value:
>>
>> Sat Aug 2 12:13:02 2014 : Debug: (9) cache_xyz : Merging cached
>> control list:
>> Sat Aug 2 12:13:02 2014 : Debug: (9) cache_xyz :
>> ldap_xyz-Ldap-Group += 'abc'
>>
>> Is this supposed to work? I am using 3.0.4 rc1.
>
> Yes, but I have a good idea why it's not.
Would you please elaborate?
> So, one last call on multivalued attributes before I write the code.
>
> For update {} sections people would prefer
>
> update {
> Foo += &Bar[*]
> }
>
> over
>
> update {
> Foo += &Bar
> }
>
> Even though LDAP multivalued is
>
> update {
> foo += 'bar'
> }
I have seen the discussion but personally I have no preference, as long
as the syntax is documented.
More information about the Freeradius-Users
mailing list