FR3 reply ldap's attr when bind as a user

zz d zzd7zzd at gmail.com
Sun Mar 2 13:44:49 CET 2014


Thanks Arran.

I provided the config like that because I wanted to show the key part of
it.

Actually, I've read "mods-available/ldap" several times before I posted the
mail.
As shown in the figure below:

        Request
Client  --->    FreeRADIUS server  <--> LDAP
        <---
        Reply

I've tried to configure in "mods-available/ldap"  as "<radius attr> <op>
<ldap attr>" like

1. reply:Reply-Message = 'mail'
2. Reply-Message = 'mail'
3. update {
        reply:Reply-Message = 'mail'
    }

But the Reply in the figure does not contain attr Reply-Message.
Is my "<ldap attr>" invalid? I've also tried "Mail / Name / name".

Thanks for your answer again.



2014-03-02 18:08 GMT+08:00 Arran Cudbard-Bell <a.cudbardb at freeradius.org>:

>
> On 1 Mar 2014, at 08:42, Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> wrote:
>
> >
> > On 1 Mar 2014, at 07:50, zz d <zzd7zzd at gmail.com> wrote:
> >
> >> I can bind as a user by configuring this in the virtual server
> >> authorize {
> >>        update {
> >>            control:Auth-Type := ldap
> >>        }
> >> }
> >> It works well and can authenticate a user with LDAP.
> >> The "radiusd -X" output looks like
> >> (2) ldap : Performing search in 'ou=a,dc=b,dc=domain' with filter '(sAMAccountName=abc)'
> >> (2) ldap : Waiting for search result...
> >> (2) ldap : User object found at DN "CN=s,OU=s,OU=s,OU=a,DC=b,DC=domain"
> >> (2) ldap : Waiting for bind result...
> >> (2) ldap : Bind successful
> >> (2) ldap : Bind as user "CN=a,OU=ab,OU=a,OU=qiyi,DC=b,DC=domain" was successful
> >> What I want to do is update reply:Reply-Message with the user information, such as
> >> reply:Reply-Message := "CN=a,OU=ab,OU=a,OU=qiyi,DC=b,DC=domain"
> >> I've tried to update reply in "mods-available/ldap", but it does not work.
> >
> > You need to list the LDAP module in Post-Auth or Accounting...
>
> Oops. Sorry, I misread your message because your config is so broken.
>
> RHS in update block is an attribute name, NOT a DN, there are clear and
> explicit instructions about how to use the update block RIGHT ABOVE THE
> UPDATE BLOCK.
>
> I advise you READ THEM.
>
>
> https://github.com/FreeRADIUS/freeradius-server/blob/master/raddb/mods-available/ldap#L28
>
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS Development Team
>
> FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2