Hi, I need to remove some attributes from the reply(*). Attr_filter does that only for proxy responses. So I wrote it: I added another parameter to attr_filter config, filterlocal, defaults to 'no'. Once you set it to 'yes' it filters locally originated attributes too. I did it in 1.0.1 source cuz it comes with redhat. So, how do I contribute? *) Yes nonsense you might say, just don't put these attribs to your config and you won't need to remove them, right?:) But I use Caller-Station-Id (and others) to perform db lookups and in the process I change its value. For both proxied and local realms. In two-stage auth (proxy.conf:post_proxy_authorize=yes). Regards...
Josip Almasi wrote:
I need to remove some attributes from the reply(*). Attr_filter does that only for proxy responses. So I wrote it: I added another parameter to attr_filter config, filterlocal, defaults to 'no'. Once you set it to 'yes' it filters locally originated attributes too.
It doesn't really matter if there're too much attributes during authorize. I think deleting unwanted attributes in the reply packet should be done in post-auth. (filtering the reply packet in post-auth will work on both proxied and local realms) See rlm_attr_filter.c in a nightly CVS snapshot, it can be run from the post-auth section. -- Nicolas Baradakis
Nicolas Baradakis wrote:
It doesn't really matter if there're too much attributes during authorize. I think deleting unwanted attributes in the reply packet should be done in post-auth.
Agreed.
(filtering the reply packet in post-auth will work on both proxied and local realms)
See rlm_attr_filter.c in a nightly CVS snapshot, it can be run from the post-auth section.
Well this makes my patch obsolete:) TNX Regards...
participants (2)
-
Josip Almasi -
Nicolas Baradakis