split Called-Station-Id

Sat Feb 1 18:28:14 CET 2014

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>>>> Brian Julin <BJulin at clarku.edu> writes:
> In that case, you should include the part of the debug output where
> the test for Called-Station-SSID (in users file or unlang) is done.

yes, it is there, thank you 

> From there, you should be able to work out how to compare against an
> attribute extracted from either a direct ldap module query, or loaded
> via the ldap.attrmap file.

what namely can I do to see where ldap attribute `radiusCheckItem'
value, set to `Called-Station-SSID == "USER_SSID"', is extracted to? How
to get it and how to use it?

.ldif for user and profile are:

- ---[ quotation start ]-------------------------------------------
dn: cn=student2,ou=users,ou=radius,dc=es
cn: student2
objectclass: radiusprofile
objectclass: person
radiusgroupname: students
sn: student2
userpassword: student2

dn: cn=students,ou=profiles,ou=radius,dc=es
cn: students
description: checked in file users
objectclass: radiusprofile
objectclass: person
radiuscheckitem: Called-Station-SSID == "USER_SSID"
radiusreplyitem: Tunnel-Private-Group-Id = 21
radiusreplyitem: Tunnel-Type = 13
radiusreplyitem: Tunnel-Medium-Type = 6
radiusreplymessage: Hello, profile STUDENT was applied to you.
radiussessiontimeout: 900
sn: students
- ---[ quotation end   ]-------------------------------------------

here is what is in the debug:

- ---[ quotation start ]-------------------------------------------
...
Sat Feb  1 12:49:50 2014 : Info: ? Evaluating (Called-Station-Id =~ /^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_. ]*)?/i) -> TRUE
Sat Feb  1 12:49:50 2014 : Info: +++? if (Called-Station-Id =~ /^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_. ]*)?/i) -> TRUE
Sat Feb  1 12:49:50 2014 : Info: +++if (Called-Station-Id =~ /^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_. ]*)?/i) {
Sat Feb  1 12:49:50 2014 : Info: ++++update request {
Sat Feb  1 12:49:50 2014 : Info:        expand: %{1}%{2}%{3}%{4}%{5}%{6} -> 485b39e7b03b
Sat Feb  1 12:49:50 2014 : Info:        expand: %{7} -> USER_SSID
Sat Feb  1 12:49:50 2014 : Info: ++++} # update request = noop
...
Sat Feb  1 12:49:50 2014 : Debug:   [ldap] performing search in cn=students,ou=profiles,ou=radius,dc=es, with filter (objectclass=radiusprofile)
Sat Feb  1 12:49:50 2014 : Debug:   [ldap] extracted attribute Called-Station-SSID from generic item Called-Station-SSID := "USER_SSID"
Sat Feb  1 12:49:50 2014 : Debug:   [ldap] radiusReplyMessage -> Reply-Message = "Hello, profile STUDENT was applied to you."
Sat Feb  1 12:49:50 2014 : Debug:   [ldap] radiusSessionTimeout -> Session-Timeout = 900
Sat Feb  1 12:49:50 2014 : Debug:   [ldap] extracted attribute Tunnel-Private-Group-Id from generic item Tunnel-Private-Group-Id = 21
Sat Feb  1 12:49:50 2014 : Debug:   [ldap] extracted attribute Tunnel-Type from generic item Tunnel-Type = 13
Sat Feb  1 12:49:50 2014 : Debug:   [ldap] extracted attribute Tunnel-Medium-Type from generic item Tunnel-Medium-Type = 6
Sat Feb  1 12:49:50 2014 : Info: [ldap] looking for check items in directory...
Sat Feb  1 12:49:50 2014 : Debug:   [ldap] userPassword -> Cleartext-Password == "student2"
Sat Feb  1 12:49:50 2014 : Debug:   [ldap] userPassword -> Password-With-Header == "student2"
Sat Feb  1 12:49:50 2014 : Info: [ldap] looking for reply items in directory...
Sat Feb  1 12:49:50 2014 : Info: [ldap] Pairs do not match. Rejecting user.
Sat Feb  1 12:49:50 2014 : Debug:   [ldap] ldap_release_conn: Release Id: 0
Sat Feb  1 12:49:50 2014 : Info: ++[ldap] = reject
...
- ---[ quotation end   ]-------------------------------------------

which pairs, ldap module complains, do not match? :(

- -- 
Zeus V. Panchenko				jid:zeus at im.ibs.dn.ua
IT Dpt., I.B.S. LLC					  GMT+2 (EET)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)

iEYEARECAAYFAlLtLq4ACgkQr3jpPg/3oyrH+ACfZEAbMh8sPesD+1hcve6hFFjb
7SYAoO1i7o8YyNUjEDqr7ANenBoYDoVE
=ZmFT
-----END PGP SIGNATURE-----