New checkItem from LDAP
Joe H
jharlan at gwi.net
Tue Aug 30 15:59:36 CEST 2005
I am trying to create a new checkItem using an attribute stored in LDAP.
I would like radius to check ldap to see if the attribute exists for a
user and if it does, not assign a radiusPoolName. I have a
radiusSNSEnable attribute setup in ldap and in the dictionary files as a
check item.
I have done lots of testing and googling and I have not found a clean
solution that works. Below is the entry from my users file:
DEFAULT SNS-Enable != "1"
USR-Framed_IP_Address_Pool_Name = "BLACKHOLE1",
Idle-Timeout := "120",
Fall-Through = Yes
Correct me if I'm wrong but that should mean, if the SNS-Enable attribute
does not equal 1, assign the USR-Framed_IP_Address_Pool_Name and
Idle-Timeout. I have SNS-Enable as a checkItem mapped to radiusSNSEnable
in the ldap.attrmap.
Does anyone have a solution for this? Could it be a processing order
problem that I'm seeing? Does it process the users file and then LDAP so
it's not checking or assigning the variable properly? If I set
radiusSNSEnable as a replyItem I see it in the radius reply so I know it's
getting the value.
Thanks in advance for anyone that can help.
More information about the Freeradius-Users
mailing list