Variables' content as a reply
tnt at kalik.net
Fri Mar 6 03:02:11 CET 2009
>I've been trying unsuccessfully to get this setup to work, but unfortunately haven't been able so far.
>
>My need is to return the contents of three LDAP fields as replies on the Access-Accept package.
>
>The setup is for EAP/TTLS, mostly following eduRoam's setup guide (EduROAM Cookbook -- DJ 5.1.5,3).
>My config is as follows:
>
>on ldap.attrmap:
>> checkItem cLDAPdepartmentNumber departmentNumber
>> replyItem rLDAPdepartmentNumber departmentNumber
>> checkItem cLDAPaffiliation eduPersonPrimaryAffiliation
>> replyItem rLDAPaffiliation eduPersonPrimaryAffiliation
>> checkItem cLDAPou ou
>> replyItem rLDAPou ou
>
Where does the cookbook say that you should put that in ldap.attrmap?
Where are those radius attributes defined? Some additional dictionary?
>on dictionary.university:
>> VENDOR Unicamp 12345
>>
>> BEGIN-VENDOR Unicamp
>> ATTRIBUTE University-LDAP-departmentNumber 1 string
>> ATTRIBUTE University-LDAP-affiliation 2 string
>> ATTRIBUTE University-LDAP-organizationUnit 3 string
>> END-VENDOR University
>
Why don't you map those in ldap.attrmap?
>(the attributes, at least, are recognized correctly on the reply).
>
>on the inner-tunnel configuration file:
>> post-auth {
>>     reply_log
>>     Post-Auth-Type REJECT {
>>         reply_log
>>     }
>>     redundant {
>>         sql-server1
>>         sql-server2
>>     }
>>     update outer.reply {
>>         User-Name := %{reply:User-Name}
>>         University-LDAP-departmentNumber := %{rLDAPdepartmentNumber}
>>     }
That should be:
User-Name := '%{reply:User-Name}'
University-LDAP-departmentNumber := '%{rLDAPdepartmentNumber}'
Ivan Kalik
Kalik Informatika ISP