rlm_perl to authenticate against data in ldap
Hi Everyone, I browsed the mailing list for possible solutions to the problem I have but unfortunately I didn't find any (or something I missed I dunno) We have this Cisco ISG 7301 router that we are using that are passing the Remote-ID av pair as its User-Name (just a copy not that it matters) Now, the remote ID format is ascii in format but hexadecimal in meaning 0000079d010100660000000000000000000050544e55544147303033000705000064 We would only want to authenticate the part after the 20 zeroes "50544e55544147303033000705000064". By the way the length before this substring is always fixed (18 bytes) so we only want the part after 18 bytes. is it possible to parse this string in perl then passing the result string to ldap for authentication? Or will we use ldap inside rlm_perl? Just to add, we also want to check the first 4 bytes (0000079d) if it is not in this format, we'll treat the whole user-id as a whole. Thank you in advanced. Vincent
Vincent Arniego wrote:
I browsed the mailing list for possible solutions to the problem I have but unfortunately I didn't find any (or something I missed I dunno)
We have this Cisco ISG 7301 router that we are using that are passing the Remote-ID av pair as its User-Name (just a copy not that it matters) Now, the remote ID format is ascii in format but hexadecimal in meaning 0000079d010100660000000000000000000050544e55544147303033000705000064
We would only want to authenticate the part after the 20 zeroes "50544e55544147303033000705000064". By the way the length before this substring is always fixed (18 bytes) so we only want the part after 18 bytes.
What does that mean? "we want to authenticate the part...". What kind of authentication? How?
is it possible to parse this string in perl then passing the result string to ldap for authentication? Or will we use ldap inside rlm_perl?
First, define what you want to do. Do you want to treat that string as a user id in LDAP, and do uid lookups based on it, or.... do you want to do something else?
Just to add, we also want to check the first 4 bytes (0000079d) if it is not in this format, we'll treat the whole user-id as a whole.
FreeRADIUS supports regular expressions, and can easily do that kind of check. Alan DeKok.
I browsed the mailing list for possible solutions to the problem I have but unfortunately I didn't find any (or something I missed I dunno)
We have this Cisco ISG 7301 router that we are using that are passing the Remote-ID av pair as its User-Name (just a copy not that it matters) Now, the remote ID format is ascii in format but hexadecimal in meaning 0000079d010100660000000000000000000050544e55544147303033000705000064
We would only want to authenticate the part after the 20 zeroes "50544e55544147303033000705000064". By the way the length before this substring is always fixed (18 bytes) so we only want the part after 18 bytes.
is it possible to parse this string in perl then passing the result string to ldap for authentication?
Yes, it will be passed as $RAD_REQUEST{'User-Name'}. Rewrite the username to what you think it should be in perl. Just list perl before ldap in authorize. Ivan Kalik Kalik Informatika ISP
participants (3)
-
Alan DeKok -
Ivan Kalik -
Vincent Arniego