Problem cheking multivalued attributes in LDAP schemas.

Kostas Kalevras kkalev at noc.ntua.gr
Mon Dec 4 15:27:27 CET 2006


Erling Paulsen wrote:

> I try to make a decision based on checking for a value in a certain 
> attribute of a LDAP schema. The problem is that this is a multivalued 
> attribute, and it seems somewhat undefined when I try to check against 
> it!
>
> My exact problem is checking against a "eduPerson" schema for an 
> affiliation on an attribute called "eduPersonAffiliation" (which is 
> multivalued). I want to check if a certain user has the right 
> affiliation=xxxx before assigning a dynamic Vlan.
>
> I fetch the attribute in Authorization as "LDAP-Affiliation" (mapped 
> as a checkItem in ldap.attrmap). I've tried checking with the regular 
> expression operator (i.e. for "staff" affiliation), but it seems to 
> not give a match. Ex. check-statement from users file:
>     LDAP-Affiliation :~ .*staff.*
>
> In the LDAP-backend the "eduPersonAffiliation" is shown as containing:
>
> eduPersonAffiliation:
>     employee
>     staff
>     member
>
> Is this a common problem in checking against multivalued attributes, 
> or is there a way around it?
>
>
> Any feedback would be appreciated!
> - Erling Paulsen
> - List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html

You could try using the checkval module which supports multivalued 
attributes



More information about the Freeradius-Users mailing list