"Conditional" LDAP Profile

Alan DeKok aland at deployingradius.com
Mon Aug 6 01:31:11 CEST 2007


CJ wrote:
> Using 1.1.6 out of FreeBSD ports (no 1.1.7 yet).
> 
> Looking to use LDAP-stored attributes conditionally based on hints:
...
> It appears that my User-Profile := `DN` does not go through  
> radius_xlat and my %u variable in the check item is never expanded.   
> Is this expected behavior?

  Yes.  Not everything is expanded.

> If I hard-code the DN with the user-name instead of %u it works  
> great, but won't solve my problem.
> 
> I got the idea from the rlm_ldap doc:
> 
>      ...it can be set through the hints file in the authorize section:
> 
>      DEFAULT Ldap-UserDN := `uid=%{User-Name},ou=people,dc=company,dc=com`

  That works in the "users" file.

> Any thoughts or guidance or clarity on LDAP profile usage appreciated.

  Try the current CVS head.  See "man unlang".  It's ever so much better
than what's in 1.x.

  Alan DeKok.



