Filter attributes when proxying
Martin Zuziak
zuziak at math.ku.dk
Thu Jun 1 10:34:19 CEST 2006
Hello all
Is it possible to (easily) remove single attributes sent or received
when proxying? I know it can be done with attr_filter but if you only
want to remove a single attribute while leaving the rest untouched, you
need pass rules for every other attribute.
It doesn't look like attr_rewrite can remove attributes. Am I wrong?
Otherwise I think this would be a nice feature to implement. The
attr_filter module can easily (I think) be changed to include a variable
to control whether or not passing rules are needed to allow an
attribute.
Currently attributes are only allowed if they don't fail any rules in
attrs and pass at least one rule:
if (fail == 0 && pass > 0)
This could be changed to something like
if (fail == 0 && (pass > 0 || allow_no_match))
where a variable in the attrs file could control if passing rules are
required.
Sincerely,
Martin Zuziak <zuziak at math.ku.dk>
More information about the Freeradius-Users
mailing list