Forcing lowercase User-Name with rlm_perl

Chris cjl at viptalk.net
Wed Jun 11 23:28:13 CEST 2008


I'm doing this:

perl_tolower.pm:
use strict;
use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK);
#
# This the remapping of return values
#
         use constant    RLM_MODULE_REJECT=>    0;#  /* immediately  
reject the request */
         use constant    RLM_MODULE_FAIL=>      1;#  /* module failed,  
don't reply */
         use constant    RLM_MODULE_OK=>        2;#  /* the module is  
OK, continue */
         use constant    RLM_MODULE_HANDLED=>   3;#  /* the module  
handled the request, so stop. */
         use constant    RLM_MODULE_INVALID=>   4;#  /* the module  
considers therequest invalid. */
         use constant    RLM_MODULE_USERLOCK=>  5;#  /* reject the  
request (useris locked out) */
         use constant    RLM_MODULE_NOTFOUND=>  6;#  /* user not found  
*/
	use constant    RLM_MODULE_NOOP=>      7;#  /* module succeeded  
withoutdoing anything */
         use constant    RLM_MODULE_UPDATED=>   8;#  /* OK (pairs  
modified) */
         use constant    RLM_MODULE_NUMCODES=>  9;#  /* How many  
return codes there are */

sub authorize {
	$RAD_REQUEST{'User-Name'} = lc($RAD_REQUEST{'User-Name'});
	return RLM_MODULE_OK;
}

sub preacct {
	$RAD_REQUEST{'User-Name'} = lc($RAD_REQUEST{'User-Name'});
	return RLM_MODULE_OK;
}

radiusd.conf:
modules {
...
         perl {
                 module = /usr/local/etc/perl_tolower.pm
         }
...
}

In sites-enabled/default:

authorize {
         preprocess
         perl
...
}

preacct {
         preprocess
         perl
...
}

Works great as long as you don't have occasion for upper-case in User- 
Name.

I am pretty sure when you define the module, you can have multiple  
instances.  It might be better to name this module perl-lc-username  
and use perl-lc-username in the authorize{} and preacct{} sections of  
sites-enabled/default.

Like this:

radiusd.conf:

modules {
...
         perl-lc-username {
                 module = /usr/local/etc/perl_tolower.pm
         }
...
}

In sites-enabled/default:

authorize {
         preprocess
         perl-lc-username
...
}

preacct {
         preprocess
         perl-lc-username
...
}

That'd be a lot clearer when you're looking at it months or years  
later.  I haven't tried this but it works with other modules.

On Jun 11, 2008, at 1:04 PM, oz wrote:

> On Sat, 17 May 2008 18:09:09 -0700
> Chris <cjl at viptalk.net> wrote:
>
>> Thanks.  I'll look at lc.
>> I was actually more concerned about the interfacing with  
>> freeradius  than the perl itself.
>
> Hello, another user here, who needs "lower_user = before" to be able  
> to
> switch to freeradius-2.0.x. Our database is an historically grown
> users-file.
>
> Were you or somebody else able to follow the advice of using
> rlm_perl and lc()?
>
> I must admit, I'm not able to program freeradius-perl-plugins :-/, but
> would test it if necessary. At the moment I don't even have the
> rlm_perl in /usr/local/lib/, but that I could solve by myself I guess
> (libperl-dev wasn't already installed during compile-time on my  
> minimal
> Debian/lenny etc.).
>
> I know, there is nothing like a wishlist, but the lowercase-feature is
> essential if we want to use 2.x it in the future.
>
> kind regards
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list