Check in users file using a string attribute obtained from ldap
Alan DeKok
aland at deployingradius.com
Fri Dec 24 16:09:52 CET 2010
Kostas Zorbadelos wrote:
> - have freeradius query an ldap server to get the usual user entry with one
> check and a few reply attributes
>
> - have after that a users file, that based on the check attribute obtained
> before by the ldap module makes some processing (e.g. add a few common reply
> attributes)
The "users" file can't really do this.
> I looked at the source code and from what I understood the ldap module puts
> all check items in the so called control (or check list), while rlm_file makes
> checks in the request list
Exactly.
> So I figured that doing an unlang update request would solve the problem.
..
> update request {
> Group = "%{control:Ascend-Group}"

Uh... that is wrong on a number of levels. The "Group" attribute has
an existing definition: Unix group comparison. You can't use it for
anything else.

See raddb/dictionary for how to create local attributes.

Alan DeKok.
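
The configuration discussed above, as an added example that is not part of the original post and not the FreeRADIUS project's own configuration: the quoted "Group" assignment beside a local attribute defined in raddb/dictionary. The attribute name My-Local-Group, the number 3000, the value "gold" and the reply item are assumptions made for illustration.

```text
# raddb/dictionary: define a local attribute (never sent in a RADIUS packet).
# The name My-Local-Group and the number 3000 are assumptions for this example;
# the comments in raddb/dictionary suggest numbers between 3000 and 4000.
ATTRIBUTE	My-Local-Group		3000	string

# Virtual server, authorize section: ldap puts Ascend-Group in the control
# list; the "users" file (files module) compares against the request list.
authorize {
	ldap

	# Wrong: "Group" already means Unix group comparison.
	#update request {
	#	Group = "%{control:Ascend-Group}"
	#}

	# Copy the value into the local attribute, only when ldap supplied one,
	# so an empty string is never added to the request list.
	if ("%{control:Ascend-Group}" != "") {
		update request {
			My-Local-Group = "%{control:Ascend-Group}"
		}
	}

	files
}

# raddb/users: match on the copied value and add a common reply attribute.
# "gold" and Session-Timeout 3600 are constructed sample values.
DEFAULT	My-Local-Group == "gold"
	Session-Timeout := 3600,
	Fall-Through = Yes
```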