Logging the return code from the ldap authentication to SQL.
Alan DeKok
aland at deployingradius.com
Mon Mar 16 16:13:08 CET 2009
Augusto G. Andreollo wrote:
> I have the need to log the return code from the LDAP authentication to
> our database (I'm adding it to the postauth table scheme).
I wouldn't suggest doing that for EVERY packet. Why do you think it's
necessary?
> I've already modified the database scheme (ok), the attribute map, to
> create a new attribute called "reason" (ok) and the insert queries (ok).
> All of this is working fine, including the complete authentication, all
> the way thru Access-Accept and Accounting.
>
> My problem now is getting the return code into the variable, according
> to the LDAP module results.
It looks like it's working. What's the problem?
> (and then it goes on to successfully add the string "rejected" to the
> database. Again, that part is working smoothly).
So... what's the problem?
> My second attempt was with a switch statement, as follows:
>
> authenticate {
>     Auth-Type LDAP {
>         redundant {
>             ldap1
>             ldap2
>         }
>
>         switch "%{control:rcode}" {
Umm... there is no "control:rcode" attribute.
> expand: %{control:rcode} ->
> ++- entering switch %{control:rcode} {...}
> +++- entering case {...}
See? No "control:rcode".
> (to save room, I've already tried encasing the case options in quotes,
> as 'rejected', 'ok', etc. That gives me the exact same results. So does
> putting it in double quotes, as "ok", "rejected", etc.)
>
> So, any ideas?
Use the first method, not the second.
Alan DeKok.