Contextual mapping of LDAP attributes
Peter Lambrechtsen
peter at crypt.nz
Thu Jul 7 22:54:06 CEST 2016
On Jul 8, 2016 6:30 AM, "Enrico Polesel" <polesel at poisson.phc.unipi.it>
wrote:
>
> Hello everyone,
>
> maybe a bit off-topic, but another way to this would be to define
> nasType in the clients.conf file and then refer to it with
> %{client:nasType}. So something like this
>
> client something {
> ipaddr = 1.2.3.4
> secret = hereiam
> nasType = xdsl
> }
> ...
> update {
> reply:ERX-Virtual-Router-Name := "%{client:nasType}virtualrouter"
> }
>
> (of course this won't work if the same intermediate server proxies
> requests from different types of NAS)
>
> Cheers,
> Enrico
I use shortname and then Client-Shortname for exactly that.
I set my BNGs with two values "A_B" in client shortname then use unlang to
split the string and use them for various parts of logic. One reason is
"Environment_UniqueVal" so I can determine if it's production or another
environment. This way I have a single config raddb across all environments.
Release management is a case of taring the directory and dropping it onto a
new environment then doing a -XC to make sure it's ok and bouncing the
daemon.
>
> On Wed, Jul 06, 2016 at 01:22:53PM +0200, Adamczak Krzysztof wrote:
> > Yeah I thought so. Another approach would be (specific to my
> > configuration) to map directly in ldap module update like this:
> > update {
> > reply:ERX-Virtual-Router-Name := "%{control:nasType}virtualrouter"
> > }
> >
> > Where control:nasType was set earlier (authorize section) based on
> > e.g. NAS-IP-Address (NAS-IP-Address -> "xdsl" | "adsl" " ...)
> >
> > thanks for the reply,
> > Krzysztof
> > -
> > List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list