Dynamic Vlan Allocation based on LDAP Attribute Value
Paul Dealy
pdealy at gmail.com
Tue Feb 17 00:49:35 CET 2009
On Tue, Feb 17, 2009 at 9:50 AM, <tnt at kalik.net> wrote:
>>Am I correct in saying that the LDAP-attribute that is mapped to
>>Tunnel-Private-Group-ID would need to be set to the value of the
>>VLAN I require? The LDAP-attribute that I wish to use currently
>>contains values like "ITISCP" and "ENISCP". I want to say if
>>attribute value == ITISCP set vlan to 226 (i.e. Tunnel-Private-Group-ID
>>= 226). Using ldap.attrmap mappings I would need to store the
>>required vlan in a LDAP attribute. (I can't change the LDAP only read
>>it).
>>
>
> No. You can define your own attribute (let's say VLAN-Flag) in
> raddb/dictionary and use unlang in authorize section to test and set
> tunnel attributes.
Thanks Ivan,
I've configured a dictionary value "userORGUNIT" and added a
ldap.attrmap mapping. I've tried to perform a comparison operation
on the value of userORGUNIT in the config file: users.
i.e.
    DEFAULT userORGUNIT == "HR"
            Tunnel-Private-Group-Id = "226"
But this does not match, even though debug shows "rlm_ldap: Adding
userORGUNIT as userORGUNIT, value HR & op=21"
Is this the correct location for these comparison operations? There
are around 50 userORGUNITs that I need to compare against.
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
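
The approach from the quoted reply (test the LDAP-derived attribute with unlang in the authorize section and set the tunnel attributes in the reply), as an added example for FreeRADIUS 2.x that is not from the thread. Assumptions: userORGUNIT is mapped as a checkItem and so lands in the control list, the dictionary number 3000 and VLAN 227 for ENISCP are constructed, and <ldap-attribute> is a placeholder; ITISCP to 226 is the mapping given in the question.

```unlang
# Added example for FreeRADIUS 2.x; not configuration from this thread.
#
# raddb/dictionary -- local, server-internal attribute (number is constructed):
#   ATTRIBUTE   userORGUNIT   3000   string
#
# raddb/ldap.attrmap -- <ldap-attribute> is a placeholder, the thread
# does not name the directory attribute:
#   checkItem   userORGUNIT   <ldap-attribute>
#
# raddb/sites-available/default
authorize {
    # ... existing modules ...
    ldap    # must run before the tests so userORGUNIT is populated

    # Assumption: mapped as checkItem, so the value is in the control list.
    # If it is mapped as replyItem instead, test %{reply:userORGUNIT}.
    if ("%{control:userORGUNIT}" == "ITISCP") {
        update reply {
            Tunnel-Type := VLAN
            Tunnel-Medium-Type := IEEE-802
            Tunnel-Private-Group-Id := "226"
        }
    }
    elsif ("%{control:userORGUNIT}" == "ENISCP") {
        update reply {
            Tunnel-Type := VLAN
            Tunnel-Medium-Type := IEEE-802
            Tunnel-Private-Group-Id := "227"    # constructed VLAN ID
        }
    }
    else {
        # Policy choice (assumption): a missing or unmapped org unit is
        # rejected, so the port never falls back to the switch's default
        # VLAN. Replace with a quarantine VLAN if that fits better.
        reject
    }
}
```

With around 50 org units the elsif chain grows by one branch per value; running `radiusd -X` shows whether the Access-Accept carries all three Tunnel attributes.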