New checkItem from LDAP

Joe H jharlan at gwi.net
Tue Aug 30 15:59:36 CEST 2005


I am trying to create a new checkItem using an attribute stored in LDAP.

I would like radius to check ldap to see if the attribute exists for a 
user and if it does, not assign a radiusPoolName.  I have a 
radiusSNSEnable attribute setup in ldap and in the dictionary files as a 
check item.

I have done lots of testing and googling and I have not found a clean 
solution that works.  Below is the entry from my users file:

DEFAULT SNS-Enable != "1"
         USR-Framed_IP_Address_Pool_Name = "BLACKHOLE1",
         Idle-Timeout := "120",
         Fall-Through = Yes

Correct me if I'm wrong but that should mean, if the SNS-Enable attribute 
does not equal 1, assign the USR-Framed_IP_Address_Pool_Name and 
Idle-Timeout.  I have SNS-Enable as a checkItem mapped to radiusSNSEnable 
in the ldap.attrmap.

Does anyone have a solution for this?  Could it be a processing order 
problem that I'm seeing?  Does it process the users file and then LDAP so 
it's not checking or assigning the variable properly?  If I set 
radiusSNSEnable as a replyItem I see it in the radius reply so I know it's 
getting the value.

Thanks in advance for anyone that can help.



More information about the Freeradius-Users mailing list