Use rlm_ldap reply for the next authorization module
Alan DeKok
aland at deployingradius.com
Wed Jun 16 16:58:49 CEST 2010
JUND wrote:
> I have no trouble to check the User-Name/Password using ldap and chap
> modules. But I can’t figure out how to use the ldap reply to request the
> local mysql where is store the match between crm Id and status.
>
> I don’t know how to use a reply of a authorization module (ldap) in an
> another one (sql).
You can't. It's usually not necessary.
> Since I didn’t find out how to do this, I tried to add the crmID in a
> unused radius attribute: Callback-Number:
>
> In the ldap attrmap configuration file I added:
>
> replyItem Callback-Number SFRrelationLoginService
That should add it to the *reply* items.
> And in the sql configuration:
>
> sql_user_name = "%{Callback-Number}"
That looks up the Callback-Number in the *request*. See "man unlang".
You want:
sql_user_name = "%{reply:Callback-Number}"
> Is it possible to configure the ldap module in order to store a
> ldapattribute in a variable usable by the mysql module ?
Yes. You're doing it. You're just not referencing the variable
correctly.
> Or to
> replace/add a radius attribute in the request, base on the ldap reply
> before the next module is compute?
The LDAP module can't update the request.
Alan DeKok.
More information about the Freeradius-Users
mailing list