<div dir="ltr">Thanks Arran.<div><br></div><div>I provided the config like that is because I want to show the key part of it.</div><div><br><div>Actually, I've read "mods-available/ldap" servral times before I post the mail.</div>
<div>As shown in Figure below:</div><div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div> <font color="#0000ff">Request</font></div><div><font color="#0000ff">Client ---> FreeRADIUS server <--> LDAP</font></div>
<div><font color="#0000ff"> <---</font></div><div><font color="#0000ff"> Reply</font></div></div></blockquote>I've tried to configure in "mods-available/ldap" as "<span style="color:rgb(51,51,51);font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12px;line-height:18px;white-space:pre"><radius attr> <op> <ldap attr>" </span>like </div>
<div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><font color="#0000ff">1. reply:Reply-Message = 'mail'<br>2. Reply-Message = 'mail'<br>3. update {<br> reply:Reply-Message = 'mail'<br>
}</font><br></blockquote>But the Reply in Figure does not contail attr Reply-Message.</div><div>Is my "<ldap attr>" invalid? I've also tried "Mail / Name / name".</div><div><br></div><div>
Thanks for your answer again.</div><div><br></div></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">2014-03-02 18:08 GMT+08:00 Arran Cudbard-Bell <span dir="ltr"><<a href="mailto:a.cudbardb@freeradius.org" target="_blank">a.cudbardb@freeradius.org</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class=""><br>
On 1 Mar 2014, at 08:42, Arran Cudbard-Bell <<a href="mailto:a.cudbardb@freeradius.org">a.cudbardb@freeradius.org</a>> wrote:<br>
<br>
><br>
> On 1 Mar 2014, at 07:50, zz d <<a href="mailto:zzd7zzd@gmail.com">zzd7zzd@gmail.com</a>> wrote:<br>
><br>
>> I can bind as a user by configure in virtual server<br>
>> authorize {<br>
>> update {<br>
>> control:Auth-Type := ldap<br>
>> }<br>
>> }<br>
>> It works well and can authenticate a user with LDAP .<br>
>> The "radiusd -X" output like<br>
>> (2) ldap : Performing search in 'ou=a,dc=b,dc=domain' with filter '(sAMAccountName=abc)'<br>
>> (2) ldap : Waiting for search result...<br>
>> (2) ldap : User object found at DN "CN=s,OU=s,OU=s,OU=a,DC=b,DC=domain"<br>
>> (2) ldap : Waiting for bind result...<br>
>> (2) ldap : Bind successful<br>
>> (2) ldap : Bind as user "CN=a,OU=ab,OU=a,OU=qiyi,DC=b,DC=domain" was successful<br>
>> What I want to do is update reply:Reply-Message with the user information, such as<br>
>> reply:Reply-Message := "CN=a,OU=ab,OU=a,OU=qiyi,DC=b,DC=domain"<br>
>> I've tried to update reply in "mods-available/ldap", but it not work.<br>
><br>
> You need to list the LDAP module in Post-Auth or Accounting...<br>
<br>
</div>Oops. Sorry, I misread your message because your config is so broken.<br>
<br>
RHS in update block is an attribute name, NOT a DN, there are clear and explicit instructions about how to use the update block RIGHT ABOVE THE UPDATE BLOCK.<br>
<br>
I advise you READ THEM.<br>
<br>
<a href="https://github.com/FreeRADIUS/freeradius-server/blob/master/raddb/mods-available/ldap#L28" target="_blank">https://github.com/FreeRADIUS/freeradius-server/blob/master/raddb/mods-available/ldap#L28</a><br>
<div class="HOEnZb"><div class="h5"><br>
Arran Cudbard-Bell <<a href="mailto:a.cudbardb@freeradius.org">a.cudbardb@freeradius.org</a>><br>
FreeRADIUS Development Team<br>
<br>
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2<br>
<br>
</div></div><br>-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br></blockquote></div><br></div>