[EXT] Re: WPA-EAP configuration with LDAP backend calls ldap module twice

Mark van Reijn mvreijn at idfocus.nl
Wed Mar 20 18:47:51 CET 2019


> On 20 Mar 2019, at 18:08, Brian Julin <BJulin at clarku.edu> wrote:
> 
> We had to do a few byzantine things to minimize LDAP calls on our setup.
> 
> See http://lists.freeradius.org/pipermail/freeradius-users/2016-January/081595.html
> 

Thank you! 

Combining your setup with Alan's earlier suggestions, I now have a working setup which only calls ldap once.

I have altered the call to ldap in the inner server as follows:

    if (! &outer.session-state:NIVO-LDAP-Trigger) {
        ldap
        update outer.session-state {
           User-Profile := "%{ldap:ldap:///ou=groups,o=vault?nivoRadiusProfileDN?one?(&(member=%{control:Ldap-UserDN})(nivoRadiusProfileDN=*))}"
           Tunnel-Type := &reply:Tunnel-Type
           Tunnel-Private-Group-ID := &reply:Tunnel-Private-Group-ID
           Tunnel-Medium-Type := &reply:Tunnel-Medium-Type
           NIVO-LDAP-Trigger := "ldapdone"
        }
    }

Thank you all for the help!
Cheers,

Mark