ads questions and multiple values
Phil Mayers
p.mayers at imperial.ac.uk
Sat Apr 8 16:39:57 CEST 2006
Phil Mayers wrote:
>
> If you could describe more precisely what you're trying to do I may be
> able to give a more specific answer.
Actually I've just had a quick look at your earlier email and it's a bit
clearer what you want to do - take NT groups from AD via LDAP, send them
to your Aruba after stripping the name from cn=<name>,ou=path and have
it process them - correct?
You could do this:

ldap.attrmap:

  # append memberOf to radius reply as Whatever-Attribute
  replyItem Whatever-Attribute memberOf +=

radiusd.conf:

  modules {
    # bulk of modules, then
    ldap {
      # ldap config
    }

    # chop end off
    attr_rewrite stripGroupDn1 {
      attribute = Whatever-Attribute
      searchin = reply
      searchfor = ",.*"
      replacewith = ""
      ignore_case = yes
      new_attribute = no
      max_matches = 1
      append = no
    }

    # chop start off
    attr_rewrite stripGroupDn2 {
      attribute = Whatever-Attribute
      searchin = reply
      searchfor = "^cn="
      replacewith = ""
      ignore_case = yes
      new_attribute = no
      max_matches = 1
      append = no
    }
    # rest of modules
  }

  authorize {
    preprocess
    ldap
    stripGroupDn1
    stripGroupDn2
    files
  }
  # rest of radiusd.conf

...however, you'll need CVS HEAD for the ldap.attrmap 4th item
(operator) and for fixes to the extraction of replyItems from LDAP
attributes - or the (scantily tested) backport I've just written to
1.1.0 (attached)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fr-ldap-escape.patch
Type: text/x-patch
Size: 1638 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060408/19bf3c51/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fr-ldap-pairget.patch
Type: text/x-patch
Size: 3664 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060408/19bf3c51/attachment-0001.bin>
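
The two attr_rewrite passes from the message above, modelled on sample memberOf values. This is an added example, not part of the original post or of FreeRADIUS. Python's re module stands in for the module's regex engine (an assumption), and the sample DNs and the escape-aware helper first_rdn_value are constructed for illustration. It shows where the ",.*" / "^cn=" pair yields a group name that differs from the real CN, which matters when the receiving device maps that string to a role.

```python
import re

def attr_rewrite(value, searchfor, replacewith="", max_matches=1):
    """Model of one attr_rewrite pass with ignore_case = yes."""
    return re.sub(searchfor, replacewith, value,
                  count=max_matches, flags=re.IGNORECASE)

def strip_group_dn(value):
    """stripGroupDn1 then stripGroupDn2, in the order listed in authorize."""
    value = attr_rewrite(value, r",.*")   # chop end off
    return attr_rewrite(value, r"^cn=")   # chop start off

def first_rdn_value(dn):
    """Hypothetical escape-aware check: the CN of the first RDN, else None."""
    m = re.match(r"(?i)cn=((?:\\.|[^,\\])*)", dn)
    if not m:
        return None
    # Undo backslash escaping of special characters
    # (hex-pair escapes such as \2C are not handled here).
    return re.sub(r"\\(.)", r"\1", m.group(1))

# Constructed sample memberOf values (not from the original post).
SAMPLES = [
    "CN=Wireless-Staff,OU=Groups,DC=example,DC=org",
    "cn=Wireless-Students,ou=Groups,dc=example,dc=org",
    r"CN=Staff\, Contractors,OU=Groups,DC=example,DC=org",  # escaped comma
    "OU=Groups,DC=example,DC=org",                           # no leading CN
]

def compare(samples=SAMPLES):
    """Return (input, two-pass result, escape-aware result) per sample."""
    return [(s, strip_group_dn(s), first_rdn_value(s)) for s in samples]

if __name__ == "__main__":
    for dn, two_pass, aware in compare():
        flag = "" if two_pass == aware else "  <-- differs"
        print(f"{dn!r}: {two_pass!r} vs {aware!r}{flag}")
```

Plain group names come out identical either way; a CN containing an escaped comma is cut at that comma, and a value whose first RDN is not a CN passes through with its "OU=" prefix intact.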