Issue with VSA Attributes with Tags and 3.0x

Peter Lambrechtsen peter at crypt.co.nz
Mon Aug 17 02:55:20 CEST 2015


On Mon, Aug 17, 2015 at 10:06 AM, Arran Cudbard-Bell <
a.cudbardb at freeradius.org> wrote:

> You know generic got even more beautiful and generic and can now represent
> any
> list in the server, right?
>
> That's what the valuepair_attribute configuration item sets, the one true
> generic
> LDAP attribute who's values can represent any request/list and value in the
> server.
>
> You can even do things like:
>
>         radiusAttribute: outer.request: +=
> `/my/script/that/makes/multuple/attributes`
>
>         radiusAttribute: request:User-Name := 'foo'
>
>         radiusAttribute: disconnect:Acct-Session-Id :=
> &outer.request:Acct-Session-Id
>
> Code path is similar to update blocks in config files.
>

Ohhh I did not know that. Very cool. This will make my config even simpler
than before. One multivalued LDAP Attribute to rule them all.

That then drives me to do something... Update the wiki page:
http://wiki.freeradius.org/modules/Rlm_ldap As the wiki is missing so much
on v3 changes and niceites on how to setup dynamic clients plus examples of
LDIF files on the server side to get people going.
Probably worth splitting the page in two for a v2 vs v3 config, as there
are still plenty of folks running v2 out there (myself included) that keep
on asking the same questions in -users that would probably benefit from
reading the wiki.


More information about the Freeradius-Devel mailing list