Unlang - switch case against ldap-group not working
Jérôme BERTHIER
Jerome.Berthier at inria.fr
Thu Jun 11 16:15:19 CEST 2020
Hello,
I wrote an authorize policy used to update some VPN attributes against
specific ldap groups.
I see a different behavior when I use a "switch case" logic versus using
"if" condition.
When using "switch case", the ldap module is not called. So, the ldap
group is not populated and the test doesn't work.
But if I do the same test using an "if" condition then it works.
Configuration using "switch case" - not working in authorize section :
switch &Ldap-group {
case "group1" {
update {
reply:Reply-message := "You are from group1."
}
return
}
case "group2" {
update {
reply:Reply-message := "You are from group1."
}
return
}
case {
update {
reply:Reply-message := "You are unknown."
}
return
}
}
Configuration using "if / elsif / else" - working in authorize section :
if (&Ldap-group == "group1") {
update {
reply:Reply-message := "You are from group1."
}
return
}
elsif (&Ldap-group == "group2") {
update {
reply:Reply-message := "You are from group1."
}
return
}
else {
update {
reply:Reply-message := "You are unknown."
}
return
}
I had a look on some documentations (man unlang, rlm_ldap) but I do not
understand if it is a normal behavior of the condition "switch case" or not.
Thank you for your help
--
Jérôme BERTHIER
DSI - Service Conception d'Infrastructure
Inria Bordeaux - Sud-Ouest
+ 33 5 24 57 40 50
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3651 bytes
Desc: Signature cryptographique S/MIME
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20200611/71750109/attachment.bin>
More information about the Freeradius-Users
mailing list