Fallback LDAP Attribute Value

Steven Carr steven.carr at sunderland.ac.uk
Wed Jul 8 14:47:20 CEST 2009


On 8/7/09 08:18, Steven Carr wrote:
> On 7/7/09 17:01, Ivan Kalik wrote:
>> Yes.
>>
>> if(((!reply:...) || (reply:... = "")) && Huntgroup-Name = "whatever")
> 
> This works for those users that have the attribute set as a fallback
> measure but how do I stop it from returning the attribute when it was
> retrieved from LDAP, again I only want this attribute to be returned
> when the are calling from a particular huntgroup.
> 
> So the scenario is - if they are calling from huntgroup "ciscoswitches"
> then we return the attributes either the value from LDAP for the VLAN or
> the fallback value from the post auth, if they are not calling from the
> huntgroup then don't return these attributes.

Is it not possible to use something like...

	if ((!Huntgroup-Name) || (Huntgroup-Name != "ciscoswitches")) {
		update reply {
			Tunnel-Private-Group-ID -=
			Tunnel-Type -=
			Tunnel-Medium-Type -=
		}
	}

I did try this and it came back with:
  ERROR: No value given for attribute Tunnel-Private-Group-ID.

There must be an easy way to strip attributes from being returned?

Steve

-- 
Steven Carr
Systems Development Officer
SLS/ITS/Systems - (0191) 515 3953

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 257 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090708/3b11f22a/attachment.pgp>


More information about the Freeradius-Users mailing list