post-auth help to simplify

Jonathan Davis jonathan at prioritycolo.com
Mon Aug 30 14:26:55 CEST 2021


I skimmed the docs for a sub-string or trim style method to call on a 
string, but did fine one.

You could use capturing groups in your regex:

if (&LDAP-Group == /(^\s?)(RSSO.*)(\s?)/) {

Then reference the 2nd group instead of the match with "%{2}"

If you're expecting more than a single whitespace, start or end, modify 
the regex.

- Jonathan

On 2021-08-30 4:20 a.m., Pizu wrote:
> Hello,
>
> Currently we have the below in the post-auth and I would like to simplify
> this.
>
>         if (&LDAP-Group == "RSSO - Group - 01") {
>                  update reply {
>                          &Tunnel-Type := "VLAN"
>                          &Tunnel-Medium-Type := "IEEE-802"
>                          &Tunnel-Private-Group-Id := "943"
>                          &Class := "RSSO-Group-01"
>                  }
>          }
>          elsif (&LDAP-Group == " RSSO - Test - Group - 01 ") {
>                  update Reply {
>                          &Tunnel-Type := "VLAN"
>                          &Tunnel-Medium-Type := "IEEE-802"
>                          &Tunnel-Private-Group-Id := "943"
>                          &Class := "RSSO-Test-Group-01"
>                  }
>          }
> etc...
>
>
> We have over 70 groups like this, the above is working but I'd like to
> minimize the changes on the freeradius configuration and was thinking of
> using regex but not sure if it's possible in my case.
> As you can see from the above the LDAP-Group and Class differences are the
> spaces.
>
> I was thinking of doing something like the below:
>
>         if (&LDAP-Group =~ /^RSSO/) {  << Match if group starts with RSSO
>                 update reply {
>                         &Tunnel-Type := "VLAN"
>                         &Tunnel-Medium-Type := "IEEE-802"
>                         &Tunnel-Private-Group-Id := "943"
>                         &Class := "${0}" << is it possible to remove
> whitespaces? before the update reply?
>                 }
>         }
>
> Regards,
>
> Pizu
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list