Problem cheking multivalued attributes in LDAP schemas.
Thibault Le Meur
Thibault.LeMeur at supelec.fr
Mon Dec 4 15:34:21 CET 2006
> -----Message d'origine-----
> De :
> freeradius-users-bounces+thibault.lemeur=supelec.fr at lists.free
> radius.org
> [mailto:freeradius-users-bounces+thibault.lemeur=supelec.fr at li
> sts.freeradius.org] De la part de Erling Paulsen
> Envoyé : lundi 4 décembre 2006 15:11
> À : FreeRadius users mailing list
> Objet : Problem cheking multivalued attributes in LDAP schemas.
>
>
> I try to make a decision based on checking for a value in a certain
> attribute of a LDAP schema. The problem is that this is a multivalued
> attribute, and it seems somewhat undefined when I try to
> check against it!
>
> My exact problem is checking against a "eduPerson" schema for an
> affiliation on an attribute called "eduPersonAffiliation" (which is
> multivalued). I want to check if a certain user has the right
> affiliation=xxxx before assigning a dynamic Vlan.
>
> I fetch the attribute in Authorization as "LDAP-Affiliation"
> (mapped as
> a checkItem in ldap.attrmap).
This LDAP-Affiliation is not a standard Radius attribute... Have you defined
it in freeradius dictionary files ?
> I've tried checking with the regular
> expression operator (i.e. for "staff" affiliation), but it
> seems to not
> give a match. Ex. check-statement from users file:
> LDAP-Affiliation :~ .*staff.*
I do not know this ":~" operator, have you tried "=~" instead ?
Thibault
More information about the Freeradius-Users
mailing list