Issue with VSA Attributes with Tags and 3.0x
a.cudbardb at freeradius.org
Sun Aug 16 01:01:48 CEST 2015
> On 15 Aug 2015, at 18:17, Peter Lambrechtsen <peter at crypt.co.nz> wrote:
> I'm trying to pass a number of Tunnel-Type VSAs from RFC2868 back that have
> multiple tags to a NAS using LDAP generic mapping attributes.
> This used to work in 2.x, but no longer works in 3.0.x
> In LDAP I have a multi-valued attribute that contains all the VSAs I want
> to return:
> Tunnel-Type:1 = L2TP
> Tunnel-Type:2 = L2TP
> Tunnel-Medium-Type:1 = IP
> Tunnel-Medium-Type:2 = IP
> Tunnel-Server-Endpoint:1 = 220.127.116.11
> Tunnel-Server-Endpoint:2 = 18.104.22.168
> Previously in 2.x I had the ldap.attrmap to set the $GENERIC$ point to the
> ldap attribute I have defined
*sigh* that was a a hack for backwards compatibility. You should really use the generic attribute, and qualify your attributes in LDAP with list prefixes.
I guess it should still be fixed though.
It's feeling a lot like map_to_request and callbacks should be altered in v3.1.x so that they produce a list of maps with the rhs resolved to TMPL_TYPE_DATA, instead of producing VPs. We then get rid of the 'op' field from VALUE_PAIRs and remove all the pairmove functions and switch everything to operate on map lists.
That's a lot cleaner where the destination is a list, or looking forward, a grouping attribute.
I've merged your changes for v3.0.x, and done a similar thing for map_exec_to_vp which should fix the same issues when passing back pairs using backtick expansion and a list on the LHS.
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the Freeradius-Devel