ldap.attrmap problem

pieter.hotting pieter.hotting at hetnet.nl
Sat Jun 4 13:02:19 CEST 2005


> -----Original message-----
> From: freeradius-users-bounces at lists.freeradius.org 
>      [mailto:freeradius-users-bounces at lists.freeradius.org]
>      On behalf of Alan DeKok
> Sent: Thursday 2 June 2005 23:47
> To: FreeRadius users mailing list
> Subject: Re: ldap.attrmap problem
>
> "pieter.hotting" <pieter.hotting at hetnet.nl> wrote:
>> When I look at a datascope to the interaction between FreeRadius and 
>> eDirectory I see correctly the response:
>>   
>> rADIUSDialAccessGroup-->cn=E_VPN_Clients_1,ou=RmtAcc,ou=SERVICES,o=AN.
>> However if I look at the output of radius I see:
>>         rlm_ldap: looking for reply items in directory...
>>         rlm_ldap: Adding rADIUSDialAccessGroup as CVPN-3k-Groups, 
>>                   value cn & op=11
>> 
>> This tells me that for some reason the response is stripped at the '='
>> sign.
>> 
>> Can anyone point me in the right direction what I'm doing wrong?
>  The LDAP module looks in the contents of the returned data to 
> determine the operator.  You can force it to use a particular operator 
> by adding an extra field to ldap.attrmap:
>
> replyItem       CVPN-3k-Groups                  rADIUSDialAccessGroup +=
>
>  This only works in the CVS snapshot, though.
>
>  Alan DeKok.
>

Thanks for the response. I tested with the CVS snapshot and modified ldap.attrmap. However, I could not get it to work. Freeradius kept sending just "cn" as a response to the VPN server instead of the full string which Freeradius received from the ldap-server.

However, you pointed me in the right direction. I made a "quick and dirty" change in rlm_ldap.c. I changed the procedure ldap_pairget. The parameter "value" is the stripped version of what ldap returned. The parameter vals[0] contains the original string. I just replaced value by vals[0] and it is working.

Below you can see the changes I applied. The original code is commented out by /*  */:

    DEBUG("rlm_ldap: Adding LDAP attribute %s as RADIUS attribute %s %s %s",
        element->attr,
        element->radius_attr,
    /*  lrad_int2str(tokens, token, "?"), value); */
        lrad_int2str(tokens, token, "?"), vals[0]);
    /*  if ((newpair = pairmake(element->radius_attr, value, token)) == NULL) */
        if ((newpair = pairmake(element->radius_attr, vals[0], token)) == NULL)

If there is a better, more elegant way to solve this problem, please let me know.
Thanks,
Pieter
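
The truncation discussed in this thread, as an added sketch that is not part of the original post and is not FreeRADIUS source: a value parser that tokenises the LDAP data cuts the DN at the first '=', while one that honours an operator forced by the map (or strips only a leading operator) keeps it whole. The function names, the operator codes and the "+=", ":=", "=" prefix syntax are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Operator codes are local to this sketch, not FreeRADIUS token values. */
enum op { OP_NONE, OP_ADD, OP_SET, OP_EQ };

/* Consume an optional leading "+=", ":=" or "=" and return what follows. */
static enum op leading_op(const char *s, const char **rest)
{
    enum op op = OP_NONE;
    s += strspn(s, " \t");
    if (s[0] == '+' && s[1] == '=')      { op = OP_ADD; s += 2; }
    else if (s[0] == ':' && s[1] == '=') { op = OP_SET; s += 2; }
    else if (s[0] == '=')                { op = OP_EQ;  s += 1; }
    *rest = s + strspn(s, " \t");
    return op;
}

/* Tokenising parser: the value is read as one bare word, which ends at the
 * first '=', ',' or blank, so a DN is cut down to its first attribute name. */
static enum op parse_token(const char *raw, char *out, size_t len)
{
    const char *p;
    enum op op = leading_op(raw, &p);
    snprintf(out, len, "%.*s", (int)strcspn(p, " \t=,"), p);
    return op == OP_NONE ? OP_EQ : op;
}

/* Whole-value parser: an operator forced by the map wins and the data is
 * copied untouched; otherwise only a leading operator is stripped. */
static enum op parse_whole(const char *raw, enum op forced, char *out, size_t len)
{
    const char *p = raw;
    enum op op = forced;
    if (op == OP_NONE && (op = leading_op(raw, &p)) == OP_NONE)
        op = OP_EQ;
    snprintf(out, len, "%s", p);
    return op;
}

int main(void)
{
    const char *dn = "cn=E_VPN_Clients_1,ou=RmtAcc,ou=SERVICES,o=AN";
    char a[128], b[128];
    parse_token(dn, a, sizeof a);
    parse_whole(dn, OP_ADD, b, sizeof b);
    printf("tokenised: %s\nwhole:     %s\n", a, b);
    return 0;
}
```

A group DN truncated to "cn" no longer names any group, so a check like this is worth running against every mapped attribute whose values are DNs before relying on it for access decisions.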




