Problem cheking multivalued attributes in LDAP schemas.
Kostas Kalevras
kkalev at noc.ntua.gr
Mon Dec 4 15:27:27 CET 2006
Erling Paulsen wrote:
> I try to make a decision based on checking for a value in a certain
> attribute of a LDAP schema. The problem is that this is a multivalued
> attribute, and it seems somewhat undefined when I try to check against
> it!
>
> My exact problem is checking against a "eduPerson" schema for an
> affiliation on an attribute called "eduPersonAffiliation" (which is
> multivalued). I want to check if a certain user has the right
> affiliation=xxxx before assigning a dynamic Vlan.
>
> I fetch the attribute in Authorization as "LDAP-Affiliation" (mapped
> as a checkItem in ldap.attrmap). I've tried checking with the regular
> expression operator (i.e. for "staff" affiliation), but it seems to
> not give a match. Ex. check-statement from users file:
> LDAP-Affiliation :~ .*staff.*
>
> In the LDAP-backend the "eduPersonAffiliation" is shown as containing:
>
> eduPersonAffiliation:
> employee
> staff
> member
>
> Is this a common problem in checking against multivalued attributes,
> or is there a way around it?
>
>
> Any feedback would be appreciated!
> - Erling Paulsen
> - List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
You could try using the checkval module which supports multivalued
attributes
More information about the Freeradius-Users
mailing list