Augusto G. Andreollo wrote:
I have the need to log the return code from the LDAP authentication to our database (I'm adding it to the postauth table scheme).
I wouldn't suggest doing that for EVERY packet. Why do you think it's necessary?
I've already modified the database scheme (ok), the attribute map, to create a new attribute called "reason" (ok) and the insert queries (ok). All of this is working fine, including the complete authentication, all the way thru Access-Accept and Accounting.
My problem now is getting the return code into the variable, according to the LDAP module results.
It looks like it's working. What's the problem?
(and then it goes on to successfuly add the string "rejected" to the database. Again, that part is working smoothly).
So... what's the problem?
My second attempt was with a switch statement, as follows:
authenticate { Auth-Type LDAP { redundant { ldap1 ldap2 }
switch "%{control:rcode}" {
Umm... there is no "control:rcode" attribute.
expand: %{control:rcode} -> ++- entering switch %{control:rcode} {...} +++- entering case {...}
See? No "control:rcode".
(to save room, i've already tried encasing the case options in quotes, as 'rejected', 'ok', etc.. that gives me the exact same results. So does putting it on double quotes, as "ok", "rejected", etc..)
So, any ideas?
Use the first method, not the second. Alan DeKok.