Multi-valued LDAP attribute configuration

Peter Lambrechtsen peter at crypt.nz
Tue Sep 12 23:21:23 CEST 2017


What you should do is an LDAP query based on the incoming MAC address:

        user {
                filter = "(userServices=%{User-Name})"
        }

Assuming the User-Name is the MAC address of the incoming client. The
"userServices" I assume is the multi-valued attribute in your ldap
directory.

Then if you get a response, you know the record exists; otherwise it doesn't,
and you reject the request.



On Wed, Sep 13, 2017 at 4:36 AM, Steffen Klemer <steffen.klemer at gwdg.de>
wrote:

> On Tue, 12.09.2017 at 18:30, Srinivasa R
> <srinivasa.r at icts.res.in> wrote:
>
> > I have installed FreeRADIUS server (Version 3.0.4) on Cent 7 OS and
> > configured the external authentication with 389-DS server using
> > rlm_ldap module. I would like to authenticate the MAC addresses of all
> > the users which I have stored in LDAP. The macaddress field in LDAP is
> > a multi-value attribute and FreeRADIUS is communicating with LDAP
> > without any issues, but FreeRADIUS is authenticating only the
> > first macaddress value from LDAP's multi-value field.
> >
> > I would like to configure FreeRADIUS to authenticate all the
> > values from the multi-value field. Someone suggested that we can
> > configure this using the rlm_python or rlm_perl module. I am not a coder
> > and I am not able to find any step-by-step guide to configure the same.
> > Could someone guide me on how to configure the Freeradius to
> > authenticate Multi-valued LDAP attribute?
>
> I used unlang features to implement sth. like this. I think you can
> adapt it to your use case.
>
>
> In the LDAP module I have sth like
>
> update {
>   request:gwdg-user-services += 'userServices'
> }
>
> where userServices is multi-valued and sometimes included
> 'eduroamNotAllowed'
>
>
> In the site I check against all occurrences:
>
> if ( &gwdg-user-services[*] !~ /eduroamNotAllowed/ ) {
> ...
> }
>
>
> Best regards
> /Steffen
>
> --
> Steffen Klemer                     E-Mail: Steffen.Klemer at gwdg.de
>                                    Tel:    +49 551 201 2170
>
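
An added example, not part of either reply and not FreeRADIUS code: a small Python model of why the filter lookup described at the top of this message matches any value of a multi-valued attribute while a first-value comparison does not, with the client-supplied name validated and escaped before it is placed in the filter. The directory contents, the 12-hex-digit storage format and all function names are assumptions.

```python
import re

# Constructed sample directory; storing MACs as 12 lowercase hex digits is an assumption.
DIRECTORY = [
    {"uid": "alice", "userServices": ["001122334455", "66778899aabb"]},
    {"uid": "bob", "userServices": ["ccddeeff0011"]},
]

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def normalize_mac(user_name):
    """Return the MAC as 12 lowercase hex digits, or None if it is not a MAC."""
    digits = re.sub(r"[-:.]", "", user_name.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def build_filter(user_name):
    """The filter from the reply, with the client-supplied value escaped."""
    return "(userServices=%s)" % escape_filter_value(user_name)


def search_equal(attr, value):
    """Equality match as a directory server applies it: any value of attr may match."""
    return [e["uid"] for e in DIRECTORY if value in e.get(attr, [])]


def first_value_only(attr, value):
    """The behaviour reported in the question: only the first value is compared."""
    return [e["uid"] for e in DIRECTORY if e.get(attr, [None])[0] == value]


def authorize(user_name):
    """Accept when any stored value equals the normalized MAC, otherwise reject."""
    mac = normalize_mac(user_name)
    if mac is None:
        return "reject"  # not a MAC at all, e.g. "*"
    return "accept" if search_equal("userServices", mac) else "reject"
```

Without the escaping step, a name of `*` would turn the equality filter into a presence filter that matches every entry carrying the attribute.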


More information about the Freeradius-Users mailing list