allowing multiple values through the attribute filter
Alan DeKok
aland at deployingradius.com
Mon Oct 22 13:50:15 CEST 2007
A.L.M.Buxey at lboro.ac.uk wrote:
> realm.com
> Session-Timeout <= 28800,
> Idle-Timeout <= 600,
> Tunnel-Medium-Type == IEEE-802,
> Tunnel-Type == VLAN,
> Tunnel-Private-Group-Id == testvlan
>
> this works...and allows ONLY 'testvlan' attribute to be returned
> but I also need to accept 'othervlan' and a structure of
>
> Tunnel-Private-Group-Id =~ ( /^testvlan$/ || /^othervlan$/ )
>
> doesnt do what i need. is this do-able in attribute filter
> or can I construct something in unlang (this is a 2.0.0pre2 server)
It's not doable in the attr_filter module, which is mostly a
re-branded "users" file.
It is possible in CVS head (not in the 2.0.0-pre2 release). See "man
unlang" for filtering attributes. Although those filtering attributes
SHOULD really be split into separate "permit" and "deny" sections, and
shouldn't go into "update".
Alan DeKok.
More information about the Freeradius-Users
mailing list