<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new york', times, serif">>Full debug please.</font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new york', times, serif">></font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new york', times, serif">>Broadly speaking the approach you're trying should work. Most likely </font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new york', times, serif">>there's some subtlety which the partial debug doesn't show.</font></div><div style="font-size:
12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new york', times, serif">></font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new york', times, serif">>One obvious question: you have defined "Person-Type" in a dictionary </font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new york', times, serif">>somewhere, haven't you? e.g. in raddb/dictionary:</font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new york', times, serif">></font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new york', times,
serif">>ATTRIBUTE<span class="yiv72561045Apple-tab-span" style="white-space: pre;"> </span>Person-Type<span class="yiv72561045Apple-tab-span" style="white-space: pre;"> </span>3099<span class="yiv72561045Apple-tab-span" style="white-space: pre;"> </span>string</font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new york', times, serif">></font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new york', times, serif">>Also, the usual "upgrade 2.1.8 is a bit old" note goes here ;o)</font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new york', times,
serif"><br></font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new york', times, serif">I recently saw another question along the same lines as this, so decided to give this another go...</font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new york', times, serif">Am now running 2.1.10, and yes, Person-Type is defined in dictionary and ldap.attrmap. </font><span class="yiv72561045Apple-style-span">I've also defined in dictionary the following in hopes of passing on the value of Person-Type to this attribute:</span></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new york', times, serif"><br></font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span"
face="'times new roman', 'new york', times, serif">ATTRIBUTE Person-Group 3001 string</font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new york', times, serif"><br></font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new york', times, serif">For the (outer) virtual server, in the authorize block I have the following:</font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new york', times, serif"> ...</font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new
york', times, serif"> ldap</font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new york', times, serif"> update control {</font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new york', times, serif"> Person-Group = "%{reply:Person-Type}"</font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new
york', times, serif"> }</font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new york', times, serif"> ...</font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new york', times, serif"><br></font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new york', times, serif">In post-auth:</font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new york', times, serif"> ...</font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new york', times, serif">
update reply {</font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new york', times, serif"> Reply-Message := "You are %{control:Person-Group}."</font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new york', times, serif"> }</font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new york', times, serif"> ...</font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman', 'new york', times, serif"><br></font></div><div style="font-size: 12pt; font-family: times,serif;"><font class="yiv72561045Apple-style-span" face="'times new roman',
'new york', times, serif">I
still cannot figure out how to pass this value from authorize to
post-auth. BTW, this is a multi-valued attribute, so what I'm really
trying to do is to call a perl script in post-auth to iterate through
all possible values, and set vlan based on whether a particular value
exists, thus shouldn't be done within authroize. Debug attached (I hope).. can't seem to post with it on here due to 100KB limit.<br><br>A.<br><br><br></font></div></div></body></html>