<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt">>> In a continuation to my previous issue about how to reference an LDAP<br><div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"><div style="font-family: times new roman, new york, times, serif; font-size: 12pt;">>> attribute in post-auth, I am now wondering how to iterate through a<br>>> multi-valued attribute in a perl script I call from post-auth. In the<br>>> debug you can see all three values are returned:<br>><br>> Multi-value attributes are an array in Perl.<br>><br>>> I'm no perl expert, but shouldn't I be able to reference all three<br>>> values with $RAD_REPLY{'Person-Type'}?<br>><br>> No. That entry is an array. You need @{$RAD_REPLY{'Person-Type'}},<br>> and then de-reference each entry from
there.<br>><br><br>I'm still having no luck trying to get all of the values off this multi-valued attribute.. I believe I've got the perl syntax correct but when I try to dereference @{$RAD_REPLY{'Person-Type'}} to check through all values, I get:<br><br>rlm_perl: perl_embed:: module = /etc/freeradius/groupcheck.pl , func = post_auth exit status= Can't use string ("employee") as an ARRAY ref while "strict refs" in use at /etc/freeradius/groupcheck.pl line 112.<br><br>It appears as though $RAD_REPLY{'Person-Type'} is a string not an array.. if I ask for value, I get "employee".. <br><br>But again, all three values are returned:<br><br>...<br>[ldap] looking for reply items in directory...<br> [ldap] personType -> Person-Type = "employee"<br> [ldap] personType -> Person-Type = "fulltime"<br> [ldap] personType -> Person-Type = "it"<br>WARNING: No "known good" password was found in LDAP. Are you sure that the user is
configured correctly?<br>[ldap] user atrack authorized to use remote access<br> [ldap] ldap_release_conn: Release Id: 0<br>++[ldap] returns ok<br>...<br><br>I did notice the following in the post-auth debug:<br><br>...<br>rlm_perl: Added pair User-Name = atrack<br>rlm_perl: Added pair MS-MPPE-Recv-Key = 0xc8bf3146d6b3966f0838e304da9bf9d2<br>rlm_perl: Added pair Person-Type = employee<br>rlm_perl: Added pair EAP-Message = 0x03090004<br>rlm_perl: Added pair MS-MPPE-Send-Key = 0x46948d82b0b42f60dd31e93a0d643790<br>...<br><br>So, for Person-Type, only the one value, employee, is passed to the perl module? Shouldn't there be another two lines of this for the other two values?<br><br>I (finally) upgraded to 2.1.12, with same results. How can I get the other values? <br><br>Or, is there a better way to do this? <br><br>Thanks,<br><br>A.<br><br><br><br> </div> </div> </div></body></html>