Check in users file using a string attribute obtained from ldap
kzorba at otenet.gr
Fri Dec 24 21:07:09 CET 2010
Quoting Alan DeKok <aland at deployingradius.com>:
> Kostas Zorbadelos wrote:
Hi Alan,
thanks for the prompt reply,
>> - have freeradius query an ldap server to get the usual user entry with one
>> check and a few reply attributes
>>
>> - have after that a users file, that based on the check attribute obtained
>> before by the ldap module makes some processing (e.g. add a few common reply
>> attributes)
>
> The "users" file can't really do this.
>
>> I looked at the source code and from what I understood the ldap module puts
>> all check items in the so called control (or check list), while rlm_file
>> makes checks in the request list
>
> Exactly.
>
>> So I figured that doing an unlang update request would solve the problem.
> ..
>> update request {
>> Group = "%{control:Ascend-Group}"
>
> Uh... that is wrong on a number of levels. The "Group" attribute has
> an existing definition: Unix group comparison. You can't use it for
> anything else.
>
Yes, I figured that the freeradius internal attributes can't be used
for something like that. I did the config by also using another
already defined (string) attribute but the assignment and checks in
users failed again.
I thought I was doing something wrong from an unlang point of view.
I will try to define my own attribute and see what happens. Any other
ideas are highly welcome.
> See raddb/dictionary for how to create local attributes.
>
> Alan DeKok.
Kostas