Conditional modules and dynamically attributes
Alan DeKok
aland at deployingradius.com
Wed Sep 11 22:15:50 CEST 2019
On Sep 11, 2019, at 4:06 PM, Viktor Kolesnikov <vvkolesnikoff at gmail.com> wrote:
> I have freeradius 3.0.20 and use rlm_ldap as a conditional module in the
> authorize section like this
> authorize {
> ...
> sql
> if (notfound) {
> -ldap
> if (&LDAP-Group == '% {Group-Name}') {
> update {
> &control:Auth-Type: = ldap
Ok.
> I enable and disable (if it is not configured) module by creating/deleting
> a link in the mods-enabled/ directory, but when the module is disabled,
> I cannot use the attribute LDAP-Group in the condition because it loads
> dynamically when the module loads.
Yes. How do you expect to use LDAP-Group when there's no ldap module?
The conditional modules are a simple hack for simple things. If you need complex changes, edit the configuration files.
> I found this issue
> https://github.com/FreeRADIUS/freeradius-server/issues/1642
> but it says nothing if a conditional module is used.
> How can I use dynamically loads attributes such as LDAP-Group or SQL-Group
> and conditional modules?
Edit the configuration files.
Why are you dynamically loading LDAP-Group when you aren't using ldap?
You should create a configuration that works. There's no point in creating a configuration that's broken, and then trying to make the server skip portions of it.
Alan DeKok.
More information about the Freeradius-Users
mailing list