LDAP module problem in 2.0.3
Christian Goebel
christian.goebel at cte.lu
Tue Apr 15 09:53:00 CEST 2008
Hi Jason,
with the answer from Alan we have found the dn-information in the control
item. You must use %{control:Ldap-UserDn} instead of %{Ldap-UserDn}
Regards,
Christan
On Monday 14 April 2008 23:18:42 Jason Alderfer wrote:
> > Jason Alderfer wrote:
> >> I'm testing upgrading to 2.0.3 from 1.1.7 and it appears that the LDAP
> >> module in 2.0.3 is not setting the Ldap-UserDn in a way that is
> >> available
> >> for further analysis.
> >
> > It's now in the "control" item list. This should be better
> > documented...
>
> But the function ldap_postauth in rlm_ldap.c still looks for Ldap-UserDn
> in request->packet->vps. Should I patch it to look in the new
> location? Or will it even exist in the control items in post auth?
>
> vp_fdn = pairfind(request->packet->vps, da->attr);
> if (vp_fdn == NULL) {
> DEBUG("rlm_ldap: User's FQDN not in config items list.");
> return RLM_MODULE_FAIL;
> }
>
>
> Also, I can see on the unlang man page how to update an item on the
> control list, but I'm not clear how to test one. What should I change in
> the unlang below?
>
> if (Ldap-UserDn =~ /ou=is,ou=n,o=emu/i) {
> update reply {
> Tunnel-Type := "VLAN"
> Tunnel-Medium-Type := "IEEE-802"
> Tunnel-Private-Group-Id := 3
> }
> }
>
> Thanks
> Jason
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list