Forcing lowercase User-Name with rlm_perl
Chris
cjl at viptalk.net
Wed Jun 11 23:28:13 CEST 2008
I'm doing this:
perl_tolower.pm:
use strict;
use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK);
#
# This the remapping of return values
#
use constant RLM_MODULE_REJECT=> 0;# /* immediately
reject the request */
use constant RLM_MODULE_FAIL=> 1;# /* module failed,
don't reply */
use constant RLM_MODULE_OK=> 2;# /* the module is
OK, continue */
use constant RLM_MODULE_HANDLED=> 3;# /* the module
handled the request, so stop. */
use constant RLM_MODULE_INVALID=> 4;# /* the module
considers therequest invalid. */
use constant RLM_MODULE_USERLOCK=> 5;# /* reject the
request (useris locked out) */
use constant RLM_MODULE_NOTFOUND=> 6;# /* user not found
*/
use constant RLM_MODULE_NOOP=> 7;# /* module succeeded
withoutdoing anything */
use constant RLM_MODULE_UPDATED=> 8;# /* OK (pairs
modified) */
use constant RLM_MODULE_NUMCODES=> 9;# /* How many
return codes there are */
sub authorize {
$RAD_REQUEST{'User-Name'} = lc($RAD_REQUEST{'User-Name'});
return RLM_MODULE_OK;
}
sub preacct {
$RAD_REQUEST{'User-Name'} = lc($RAD_REQUEST{'User-Name'});
return RLM_MODULE_OK;
}
radiusd.conf:
modules {
...
perl {
module = /usr/local/etc/perl_tolower.pm
}
...
}
In sites-enabled/default:
authorize {
preprocess
perl
...
}
preacct {
preprocess
perl
...
}
Works great as long as you don't have occasion for upper-case in User-
Name.
I am pretty sure when you define the module, you can have multiple
instances. It might be better to name this module perl-lc-username
and use perl-lc-username in the authorize{} and preacct{} sections of
sites-enabled/default.
Like this:
radiusd.conf:
modules {
...
perl-lc-username {
module = /usr/local/etc/perl_tolower.pm
}
...
}
In sites-enabled/default:
authorize {
preprocess
perl-lc-username
...
}
preacct {
preprocess
perl-lc-username
...
}
That'd be a lot clearer when you're looking at it months or years
later. I haven't tried this but it works with other modules.
On Jun 11, 2008, at 1:04 PM, oz wrote:
> On Sat, 17 May 2008 18:09:09 -0700
> Chris <cjl at viptalk.net> wrote:
>
>> Thanks. I'll look at lc.
>> I was actually more concerned about the interfacing with
>> freeradius than the perl itself.
>
> Hello, another user here, who needs "lower_user = before" to be able
> to
> switch to freeradius-2.0.x. Our database is an historically grown
> users-file.
>
> Were you or somebody else able to follow the advice of using
> rlm_perl and lc()?
>
> I must admit, I'm not able to program freeradius-perl-plugins :-/, but
> would test it if necessary. At the moment I don't even have the
> rlm_perl in /usr/local/lib/, but that I could solve by myself I guess
> (libperl-dev wasn't already installed during compile-time on my
> minimal
> Debian/lenny etc.).
>
> I know, there is nothing like a wishlist, but the lowercase-feature is
> essential if we want to use 2.x it in the future.
>
> kind regards
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list