Issue with VSA Attributes with Tags and 3.0x
Peter Lambrechtsen
peter at crypt.co.nz
Sun Aug 16 00:17:56 CEST 2015
Hi
I'm trying to pass a number of Tunnel-Type VSAs from RFC2868 back that have
multiple tags to a NAS using LDAP generic mapping attributes.
This used to work in 2.x, but no longer works in 3.0.x
In LDAP I have a multi-valued attribute that contains all the VSAs I want
to return:
Tunnel-Type:1 = L2TP
Tunnel-Type:2 = L2TP
Tunnel-Medium-Type:1 = IP
Tunnel-Medium-Type:2 = IP
Tunnel-Server-Endpoint:1 = 1.2.3.4
Tunnel-Server-Endpoint:2 = 2.3.4.5
Previously in 2.x I had the ldap.attrmap to set the $GENERIC$ point to the
ldap attribute I have defined
replyItem $GENERIC$ ReplyProfile
Received Access-Accept
Service-Type = Outbound-User
Tunnel-Type:1 = L2TP
Tunnel-Type:2 = L2TP
Tunnel-Medium-Type:1 = IPv4
Tunnel-Medium-Type:2 = IPv4
Tunnel-Server-Endpoint:1 = "1.2.3.4"
Tunnel-Server-Endpoint:2 = "2.3.4.5"
Doing the same thing in 3.0.x I have set the update reply to the same LDAP
Attribute.
update {
reply: += 'ReplyProfile'
}
Received Access-Accept
Service-Type = Outbound-User
Tunnel-Type:0 = L2TP
Tunnel-Type:0 = L2TP
Tunnel-Medium-Type:0 = IPv4
Tunnel-Medium-Type:0 = IPv4
Tunnel-Server-Endpoint:0 = "1.2.3.4"
Tunnel-Server-Endpoint:0 = "2.3.4.5"
The issue I can see is in rlm_ldap it is calling map_to_vp to convert the
map into a Value Pair, but the tag never gets added to the VP.
In main/map.c under map_to_vp
case TMPL_TYPE_LITERAL:
Needs to pass back the tag
new->tag = map->lhs->tmpl_tag;
I've created a pull request here:
https://github.com/FreeRADIUS/freeradius-server/pull/1191
Hopefully that's all correct?
Cheers
Peter
More information about the Freeradius-Devel
mailing list