FR3 reply ldap's attr when bind as a user

Arran Cudbard-Bell a.cudbardb at freeradius.org
Sun Mar 2 11:08:55 CET 2014


On 1 Mar 2014, at 08:42, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:

> 
> On 1 Mar 2014, at 07:50, zz d <zzd7zzd at gmail.com> wrote:
> 
>> I can bind as a user by configuring the virtual server:
>> authorize {
>>        update {
>>            control:Auth-Type := ldap
>>        }
>> }
>> It works well and can authenticate a user with LDAP.
>> The "radiusd -X" output looks like:
>> (2) ldap : Performing search in 'ou=a,dc=b,dc=domain' with filter '(sAMAccountName=abc)'
>> (2) ldap : Waiting for search result...
>> (2) ldap : User object found at DN "CN=s,OU=s,OU=s,OU=a,DC=b,DC=domain"
>> (2) ldap : Waiting for bind result...
>> (2) ldap : Bind successful
>> (2) ldap : Bind as user "CN=a,OU=ab,OU=a,OU=qiyi,DC=b,DC=domain" was successful
>> What I want to do is update reply:Reply-Message with the user information, such as
>> reply:Reply-Message := "CN=a,OU=ab,OU=a,OU=qiyi,DC=b,DC=domain"
>> I've tried to update reply in "mods-available/ldap", but it does not work.
> 
> You need to list the LDAP module in Post-Auth or Accounting...

Oops. Sorry, I misread your message because your config is so broken.

RHS in update block is an attribute name, NOT a DN. There are clear and explicit instructions about how to use the update block RIGHT ABOVE THE UPDATE BLOCK.

I advise you READ THEM.

https://github.com/FreeRADIUS/freeradius-server/blob/master/raddb/mods-available/ldap#L28

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
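
The point made in the reply above, as an added example that is not part of the original message or of the configuration shipped by the FreeRADIUS project: the right-hand side of each line in the ldap module's update block names an LDAP attribute, and its value is copied into the RADIUS attribute on the left. The example assumes an Active Directory backend (suggested by the sAMAccountName filter in the debug output), where each user object exposes its DN in the `distinguishedName` attribute, and assumes the `ldap` module is also listed in `authorize` so that the mapping is applied.

```text
# mods-available/ldap (fragment; connection and search settings omitted)
ldap {
	update {
		# Form: <list>:<RADIUS attribute> <op> '<LDAP attribute name>'
		control:Password-With-Header	+= 'userPassword'

		# Does not work: a literal DN on the right-hand side is read as
		# the name of an LDAP attribute, and no attribute has that name.
		# reply:Reply-Message := "CN=a,OU=ab,OU=a,OU=qiyi,DC=b,DC=domain"

		# Assumption: the directory is Active Directory, which returns
		# the entry's DN as the value of 'distinguishedName'.
		reply:Reply-Message		:= 'distinguishedName'
	}
}

# sites-available/<virtual server> (fragment)
authorize {
	# Searches for the user and applies the update mappings above.
	ldap

	# Only attempt a bind as the user when the search found an entry
	# and the request carries a password.
	if ((ok || updated) && User-Password) {
		update control {
			Auth-Type := ldap
		}
	}
}

authenticate {
	Auth-Type LDAP {
		ldap
	}
}
```

The search in `authorize` runs under the identity configured in the ldap module, so that account needs read access to every attribute named in the update block.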
