Fallback LDAP Attribute Value
Ivan Kalik
tnt at kalik.net
Tue Jul 7 15:29:05 CEST 2009
> I have the following line in my ldap.attrmap file to pull back a users
> VLAN assignment:
>
>> replyItem Tunnel-Private-Group-ID destinationIndicator
>
> The users file contains the following:
>
>> DEFAULT Ldap-Group == "allowed-access"
>> Service-Type = Framed-User,
>> Tunnel-Type = "VLAN",
>> Tunnel-Medium-Type = "IEEE-802"
>
> For the users which are in the "allowed-access" group those which have a
> value in the destinationIndicator attribute in LDAP work OK and are
> flipped into the appropriate VLAN. How do I specify a fallback so that
> if the user does not have this attribute set or it is empty then they
> are put into VLAN 666 for example.
Use unlang. Put something like this in post-auth:
if(reply:Tunnel-Private-Group-ID == "") {
update reply {
Tunnel-Private-Group-ID = "666"
}
}
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list