rlm_ldap and Stripped-User-Name

Luke technodolt at gmail.com
Tue Nov 4 02:27:33 CET 2008


I'm trying to use rlm_ldap to do group lookups for dynamic vlan assignment.

I've got freeradius (version 2.1.1) to connect to my ldap server, but
when it tries searching, it's not working correctly.

I'm not getting a Stripped-User-Name, and the non-stripped user name
is coming across as "<domain>\5c<username>".

I've been looking around for a couple of hours now, and have yet to
find out how to make it either
a) give me a stripped user name or
b) figure out some way to strip the username myself.

I was trying to use something I had found before where someone was
using attr_rewrite to manually create the Stripped-User-Name, but it
wasn't working at all.

The first part was copying User-Name into Stripped-User-Name, and
since the original username happens to have the string \t in it, it
was interpreting that as a tab, instead of straight copying the text.
Then when I tried to do regex replacement on it, the string was in
this crazy state where it had a bunch of extra spaces in it due to the
\t being interpreted as a tab.

Can someone help me out with this?  I'm not sure what I'm doing wrong
that's preventing the Stripped-User-Name from working in the first
place, or how to work around the fact that the attr_rewrite is not
directly copying the text into my variable, and is instead
interpreting it.

Thanks,
Luke



More information about the Freeradius-Users mailing list