How to pass information between modules?

Fri Dec 8 21:41:28 CET 2006

My subconscious FreeRADIUS mind was saying that as well; but how to use
config items and what makes them different from RADIUS Reply attributes?

An theoritical example:

modules {
	file users {
		...
	}
	file groups {
		...
	}
}

authorized {
	users
	groups
}

file users:
martin User-Password == "gadbois"
       Group = "staff"

file groups:
DEFAULT  Group == "staff"
	Reply-Message = "Hello Staff!"

I expect this to set "martin" into the "staff" group, and a RADIUS
request returns Reply-Message "Hello Staff!!"

This does not work:
[/etc/raddb/users]:223 WARNING! Check item "Group" ?found in reply item
list for user "martin". ?This attribute MUST go on the first line with
the other check items

Some explaination, a C function or a URL would greatly help!

> 
>> In other words, how to configure those modules if the "ldap" contains
>> the group info, but "sql" the actual RADIUS attribute per group?
> 
>   You can use the "LDAP-Group" attribute, see the rlm_ldap documentation.

I got it now; LDAP-Group is like a callback into the "ldap" module,
where the LDAP group is going to be checked to the value.

I'll go update the FR LDAP Wiki.. ;-)

Thanks Alan for the quick reply.

- --
==============         +----------------------------------------------+
Martin Gadbois         | "Windows might take you from 0 to 60 faster, |
S/W Developer          |  but to go to 100 you need Unix."            |
Colubris Networks Inc. +----------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFec349Y3/iTTCEDkRAsgfAJ45vsoHrRKwsPkITrUBuPsFgbGBXACgm1yU
gjlFYOPYrcMsN80odSYfAWA=
=6TFA
-----END PGP SIGNATURE-----