Forcing lowercase User-Name with rlm_perl

oz oz at bluemonk.de
Thu Jun 12 21:19:52 CEST 2008 

Hi Chris,

your perl-module for lower_user works perfectly!
It was important, to use it in the right order, which
means in my case before "files" ...

authorize {
     preprocess
     perl
     files
}
preacct {
        preprocess
        perl
        files
}

Doing this, User-Name is lower-cased in the auth AND acct packets.

A small problem I just had when I recompiled my freeradius-2.0.3 with
libperl-dev to make rlm_perl available. At the end of "make install"
I've got:

[...]
if [ ! -f /usr/local/etc/raddb/sites-enabled/inner-tunnel ]; then \
                cd /usr/local/etc/raddb/sites-enabled/; \
                ln -s ../sites-available/inner-tunnel; \
        fi
ln: creating symbolic link `./inner-tunnel' to
`../sites-available/inner-tunnel': File exists make[2]: *** [install]
Error 1 make[2]: Leaving directory
`/usr/local/src/freeradius-server-2.0.3/raddb' make[1]: *** [common]
Error 2 make[1]: Leaving directory
`/usr/local/src/freeradius-server-2.0.3' make: *** [install] Error 2


I decided to ignore it, because the symbolic link inner-tunnel
alread existed from my first compilation an that seems to cause the
error (is this fixed in 2.0.5 eventually?).

Thanks,
oz

> Wow Chris, looks great and is very helpful!
> 
> I will test it tomorrow and give a short feedback whether it works.
> 
> Thanks a lot,
> oz
> 
> 
> On Wed, 11 Jun 2008 14:28:13 -0700
> Chris <cjl at viptalk.net> wrote:
> 
> > I'm doing this:
> > 
> > perl_tolower.pm:
> > use strict;
> > use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK);
> > #
> > # This the remapping of return values
> > #
> >          use constant    RLM_MODULE_REJECT=>    0;#  /* immediately  
> > reject the request */
> >          use constant    RLM_MODULE_FAIL=>      1;#  /* module failed,  
> > don't reply */
> >          use constant    RLM_MODULE_OK=>        2;#  /* the module is  
> > OK, continue */
> >          use constant    RLM_MODULE_HANDLED=>   3;#  /* the module  
> > handled the request, so stop. */
> >          use constant    RLM_MODULE_INVALID=>   4;#  /* the module  
> > considers therequest invalid. */
> >          use constant    RLM_MODULE_USERLOCK=>  5;#  /* reject the  
> > request (useris locked out) */
> >          use constant    RLM_MODULE_NOTFOUND=>  6;#  /* user not found  
> > */
> > 	use constant    RLM_MODULE_NOOP=>      7;#  /* module succeeded  
> > withoutdoing anything */
> >          use constant    RLM_MODULE_UPDATED=>   8;#  /* OK (pairs  
> > modified) */
> >          use constant    RLM_MODULE_NUMCODES=>  9;#  /* How many  
> > return codes there are */
> > 
> > sub authorize {
> > 	$RAD_REQUEST{'User-Name'} = lc($RAD_REQUEST{'User-Name'});
> > 	return RLM_MODULE_OK;
> > }
> > 
> > sub preacct {
> > 	$RAD_REQUEST{'User-Name'} = lc($RAD_REQUEST{'User-Name'});
> > 	return RLM_MODULE_OK;
> > }
> > 
> > radiusd.conf:
> > modules {
> > ...
> >          perl {
> >                  module = /usr/local/etc/perl_tolower.pm
> >          }
> > ...
> > }
> > 
> > In sites-enabled/default:
> > 
> > authorize {
> >          preprocess
> >          perl
> > ...
> > }
> > 
> > preacct {
> >          preprocess
> >          perl
> > ...
> > }
> > 
> > Works great as long as you don't have occasion for upper-case in User- 
> > Name.
> > 
> > I am pretty sure when you define the module, you can have multiple  
> > instances.  It might be better to name this module perl-lc-username  
> > and use perl-lc-username in the authorize{} and preacct{} sections of  
> > sites-enabled/default.
> > 
> > Like this:
> > 
> > radiusd.conf:
> > 
> > modules {
> > ...
> >          perl-lc-username {
> >                  module = /usr/local/etc/perl_tolower.pm
> >          }
> > ...
> > }
> > 
> > In sites-enabled/default:
> > 
> > authorize {
> >          preprocess
> >          perl-lc-username
> > ...
> > }
> > 
> > preacct {
> >          preprocess
> >          perl-lc-username
> > ...
> > }
> > 
> > That'd be a lot clearer when you're looking at it months or years  
> > later.  I haven't tried this but it works with other modules.
> > 
> > On Jun 11, 2008, at 1:04 PM, oz wrote:
> > 
> > > On Sat, 17 May 2008 18:09:09 -0700
> > > Chris <cjl at viptalk.net> wrote:
> > >
> > >> Thanks.  I'll look at lc.
> > >> I was actually more concerned about the interfacing with  
> > >> freeradius  than the perl itself.
> > >
> > > Hello, another user here, who needs "lower_user = before" to be able  
> > > to
> > > switch to freeradius-2.0.x. Our database is an historically grown
> > > users-file.
> > >
> > > Were you or somebody else able to follow the advice of using
> > > rlm_perl and lc()?
> > >
> > > I must admit, I'm not able to program freeradius-perl-plugins :-/, but
> > > would test it if necessary. At the moment I don't even have the
> > > rlm_perl in /usr/local/lib/, but that I could solve by myself I guess
> > > (libperl-dev wasn't already installed during compile-time on my  
> > > minimal
> > > Debian/lenny etc.).
> > >
> > > I know, there is nothing like a wishlist, but the lowercase-feature is
> > > essential if we want to use 2.x it in the future.
> > >
> > > kind regards
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list