Hello,<br><br>I'm working with FreeRADIUS 2.1.10<br><br>I want to authorize a user using a multivalued attribute (Relaciones), so I use Perl.<br><br>The values of the attribute Relaciones are stored in LDAP. Nombre-Completo is another attribute stored in LDAP.<br>
<br>"Relaciones" is an integer value. A user is authorized if they have one attribute "Relaciones" with a positive value (no + sign).<br><br>Relaciones, Nombre-Completo and Codigo-Reject are vendor-specific attributes defined in /usr/share/freeradius/dictionary.rinuex<br>
<br>My Perl script is:<br><br># cat /etc/freeradius/perl/checkRelaciones.pm <br><br>#!/usr/bin/perl<br><br>use strict;<br>use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK);<br>#use Data::Dumper;<br><br>use constant RLM_MODULE_REJECT=> 0;# /* immediately reject the request */<br>
use constant RLM_MODULE_OK=> 2;# /* the module is OK, continue */<br><br>sub authorize {<br> my $refRelaciones;<br><br> if (exists $RAD_REPLY{'Relaciones'} && defined $RAD_REPLY{'Relaciones'}){<br>
$refRelaciones=$RAD_REPLY{'Relaciones'};<br> foreach (@{$refRelaciones}) {<br> if ($_ =~ /^[0-9]{2}/) {<br> return RLM_MODULE_OK;<br> }<br> }<br> $RAD_REPLY{'Codigo-Reject'}=11; #Sin-Relacion<br>
}<br> return RLM_MODULE_REJECT;<br>}<br><br>Everything works fine. <br><br>My problem is that rlm_perl duplicates an attribute in the %RAD_REPLY hash.<br><br>Debug:<br><br>rad_recv: Access-Request packet from host x.x.x.x port 56822, id=100, length=75<br>
User-Name = "ana@unex.es"<br> User-Password = "1111"<br> Calling-Station-Id = "..."<br>server rinuex {<br><br>...<br><br>[ldap1] looking for check items in directory...<br>
[ldap1] ntPassword -> NT-Password == 0x3..<br>[ldap1] looking for reply items in directory...<br> [ldap1] Relaciones -> Relaciones += "03"<br> [ldap1] sn -> Nombre-Completo = "Ana Gallardo"<br>
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?<br>[ldap1] user ana authorized to use remote access<br> [ldap1] ldap_release_conn: Release Id: 0<br>++++[ldap1] returns ok<br>
<br>...<br><br>rlm_perl: Added pair User-Name = ana@unex.es<br>rlm_perl: Added pair User-Password = 1111<br>rlm_perl: Added pair Intentos-Reject = 0<br>rlm_perl: Added pair SQL-User-Name = ana<br>
rlm_perl: Added pair Realm = unex.es<br>rlm_perl: Added pair Stripped-User-Name = ana<br>rlm_perl: Added pair Calling-Station-Id = ...<br>rlm_perl: Added pair Nombre-Completo = Ana Gallardo<br>
rlm_perl: Added pair Relaciones = 03<br><span style="background-color: rgb(255, 255, 51);">rlm_perl: Added pair Relaciones = Ana Gallardo</span><br>rlm_perl: Added pair NT-Password = 0x344...<br>rlm_perl: Added pair Simultaneous-Use = 1<br>
rlm_perl: Added pair Ldap-UserDn = ...<br>++[perl] returns ok<br><br>...<br><br>++[pap] returns ok<br><br>...<br><br>} # server rinuex<br>Sending Access-Accept of id 100 to x.x.x.x port 56822<br> Nombre-Completo = "Ana Gallardo"<br>
Relaciones += "03"<br><span style="background-color: rgb(255, 255, 51);"> Relaciones += "Ana Gallardo"</span><br><br><br><br>Any ideas?<br><br>Sorry for my English and thank you in advance.<br>
<br>____________________<br> Ana Gallardo Gómez<br>____________________<br>
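One way to keep the authorization decision independent of the stray value shown in the debug output above, as an added example (not part of the original post and not FreeRADIUS project code). It assumes rlm_perl exposes a single-valued attribute as a scalar and a multi-valued one as an array reference, and that changes to %RAD_REPLY are copied back into the reply; `attr_values` and the `--selftest` switch are hypothetical names. Unlike the posted script, it matches the whole string instead of a two-digit prefix and requires a value greater than zero.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK);

use constant RLM_MODULE_REJECT => 0;    # immediately reject the request
use constant RLM_MODULE_OK     => 2;    # the module is OK, continue

# Return a reply attribute's values as a list, whether it is held as a
# plain scalar (one value) or as an array reference (several values).
sub attr_values {
    my ($name) = @_;
    my $v = $RAD_REPLY{$name};
    return () unless defined $v;
    return ref($v) eq 'ARRAY' ? @{$v} : ($v);
}

sub authorize {
    my @all = attr_values('Relaciones');

    # Keep only whole-string unsigned integers: "Ana Gallardo", "+3"
    # and "03x" are dropped rather than accepted on a prefix match.
    my @numeric = grep { /\A[0-9]+\z/ } @all;

    if (@numeric) {
        $RAD_REPLY{'Relaciones'} = \@numeric;   # reply carries integers only
    } else {
        delete $RAD_REPLY{'Relaciones'};
    }

    # Authorize when at least one value is strictly positive.
    return RLM_MODULE_OK if grep { $_ > 0 } @numeric;

    # As in the posted script, set the code only if the attribute existed.
    $RAD_REPLY{'Codigo-Reject'} = 11 if @all;   # Sin-Relacion
    return RLM_MODULE_REJECT;
}

# Constructed sample input; runs only as: perl checkRelaciones.pm --selftest
if (($ARGV[0] // '') eq '--selftest') {
    %RAD_REPLY = ('Relaciones'      => ['03', 'Ana Gallardo'],
                  'Nombre-Completo' => 'Ana Gallardo');
    my $rc = authorize();
    print "duplicated value: rc=$rc Relaciones=[@{ $RAD_REPLY{'Relaciones'} }]\n";

    %RAD_REPLY = ('Relaciones' => '00');        # single value, not positive
    $rc = authorize();
    print "zero only: rc=$rc Codigo-Reject=$RAD_REPLY{'Codigo-Reject'}\n";
}
```

This filters what the script sees and returns; it does not explain why the extra pair is added in the first place.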