conditional variable syntax doesn't work in LDAP xlat strings
Németh Tamás
nice at titanic.nyme.hu
Tue Jun 9 08:31:47 CEST 2009
Dear developers,
Sorry for posting a bug report here, but http://bugs.freeradius.org has
not been working for several days (or is it intentionally and utterly down?).
I wanted to evaluate this expression (in /etc/raddb/sites-enabled/default in the authorize section):
if ( "%{%{Stripped-User-Name}:-%{User-Name}}" == "%{ldap:ldap:///ou=People,ou=sopron,o=nyme,dc=hu?cn?sub?(&(cn=%{%{Stripped-User-Name}:-%{User-Name}})(radiusCallingStationId=*))}" &&
"%{ldap:ldap:///ou=People,ou=sopron,o=nyme,dc=hu?radiusCallingStationId?sub?(&(cn=%{%{Stripped-User-Name}:-%{User-Name}})(radiusCallingStationId=%{request:Calling-Station-Id}))}" != "%{request:Calling-Station-Id}" ) {
but freeradius 2.1.6 behaved like this:
+++? if ("%{%{Stripped-User-Name}:-%{User-Name}}" == "%{ldap:ldap:///ou=People,ou=sopron,o=nyme,dc=hu?cn?sub?(&(cn=%{%{Stripped-User-Name}:-%{User-Name}})(radiusCallingStationId=*))}" &&
"%{ldap:ldap:///ou=People,ou=sopron,o=nyme,dc=hu?radiusCallingStationId?sub?(&(cn=%{%{Stripped-User-Name}:-%{User-Name}})(radiusCallingStationId=%{request:Calling-Station-Id}))}" != "%{request:Calling-Station-Id}" )
expand: %{Stripped-User-Name} ->
expand: %{User-Name} -> nice
expand: %{%{Stripped-User-Name}:-%{User-Name}} -> nice
rlm_ldap: - ldap_xlat
No trailing :- after variable at %{Stripped-User-Name}
expand: ldap:///ou=People,ou=sopron,o=nyme,dc=hu?cn?sub?(&(cn=%{%{Stripped-User-Name} -> ldap:///ou=People,ou=sopron,o=nyme,dc=hu?cn?sub?(&(cn=
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=People,ou=sopron,o=nyme,dc=hu, with filter (&(cn=
rlm_ldap: ldap_search() failed: Bad search filter: (&(cn=
rlm_ldap: Search returned error
rlm_ldap: ldap_release_conn: Release Id: 0
expand: %{ldap:ldap:///ou=People,ou=sopron,o=nyme,dc=hu?cn?sub?(&(cn=%{%{Stripped-User-Name}:-%{User-Name}})(radiusCallingStationId=*))} -> nice)(radiusCallingStationId=*))
That is, it expanded "%{ldap:ldap:///ou=People,ou=sopron,o=nyme,dc=hu?cn?sub?(&(cn=%{%{Stripped-User-Name}:-%{User-Name}})(radiusCallingStationId=*))}" as a mere "ldap:///ou=People,ou=sopron,o=nyme,dc=hu?cn?sub?(&(cn=%{%{Stripped-User-Name}" concatenated with "%{User-Name}})(radiusCallingStationId=*))", and thus it evaluated it as "nice)(radiusCallingStationId=*))" instead of "nice".
However, it works if I'm using "%u" (or eventually %{control:Tmp-String-0}) instead of "%{%{Stripped-User-Name}:-%{User-Name}}" :
+++? if ("%u" == "%{ldap:ldap:///ou=People,ou=sopron,o=nyme,dc=hu?cn?sub?(&(cn=%u)(radiusCallingStationId=*))}" && "%{ldap:ldap:///ou=People,ou=sopron,o=nyme,dc=hu?radiusCallingStationId?sub?(&(cn=%u)(radiusCallingStationId=%{request:Calling-Station-Id}))}" != "%{request:Calling-Station-Id}" )
expand: %u -> nice
rlm_ldap: - ldap_xlat
expand: ldap:///ou=People,ou=sopron,o=nyme,dc=hu?cn?sub?(&(cn=%u)(radiusCallingStationId=*)) -> ldap:///ou=People,ou=sopron,o=nyme,dc=hu?cn?sub?(&(cn=nice)(radiusCallingStationId=*))
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=People,ou=sopron,o=nyme,dc=hu, with filter (&(cn=nice)(radiusCallingStationId=*))
rlm_ldap: Adding attribute cn, value: nice
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: - ldap_xlat end
expand: %{ldap:ldap:///ou=People,ou=sopron,o=nyme,dc=hu?cn?sub?(&(cn=%u)(radiusCallingStationId=*))} -> nice
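The split point visible in the debug output above can be reproduced with a small scanner. This is an added example, not part of the original post and not FreeRADIUS code; the function names are hypothetical, and backslash escapes are ignored as a simplifying assumption.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: length of the body of the "%{...}" expansion at s,
 * ending at the FIRST '}' found. This matches the cut seen in the log,
 * where the ldap argument stops after "%{%{Stripped-User-Name".
 * Returns -1 if s does not start with "%{" or has no '}'. */
static int body_len_first_brace(const char *s)
{
    if (strncmp(s, "%{", 2) != 0) return -1;
    const char *end = strchr(s + 2, '}');
    return end ? (int)(end - (s + 2)) : -1;
}

/* Depth-aware variant: each nested "%{" opens a level and each '}'
 * closes one, so the body ends at the brace matching the outer "%{".
 * Returns -1 on unbalanced input. */
static int body_len_balanced(const char *s)
{
    if (strncmp(s, "%{", 2) != 0) return -1;
    int depth = 1;
    for (const char *p = s + 2; *p; p++) {
        if (p[0] == '%' && p[1] == '{') { depth++; p++; }
        else if (*p == '}' && --depth == 0) return (int)(p - (s + 2));
    }
    return -1;
}

/* The first LDAP expansion from the post, embedded as sample input. */
static const char SAMPLE[] =
    "%{ldap:ldap:///ou=People,ou=sopron,o=nyme,dc=hu?cn?sub?"
    "(&(cn=%{%{Stripped-User-Name}:-%{User-Name}})(radiusCallingStationId=*))}";

int main(void)
{
    int a = body_len_first_brace(SAMPLE);
    int b = body_len_balanced(SAMPLE);
    /* The first line ends in a truncated filter; the second is complete. */
    printf("first '}': %.*s\n", a, SAMPLE + 2);
    printf("balanced : %.*s\n", b, SAMPLE + 2);
    return 0;
}
```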