Checkval weird issue with LDAP backend and PAM authentication
Alan DeKok
aland at deployingradius.com
Fri Nov 26 09:31:01 CET 2010
Marco Carcano wrote:
> I RTM unlang, but I have to admit I only got confused - The only thing I
> have understood is to write a simple statement like this (in authorize
> section)
>
> if (NAS-Identifier == "ftp" ) {
> ok
> }
> else {
> reject
> }
>
> and I think is even wrong because returns always OK :(((((
And.... what does debug mode say?
> I noticed on some posts people using a syntax like if (NAS-Identifier ==
> %{sql: SELECT ... BLA BLA} )
See "man unlang". This is documented.
> but I have not been able to see a working example using ldap,
if (NAS-Identifier == "%{ldap: ... ldap stuff ... }") {
> thinking at the %{sql:SELECT ...} example I tough I syntax almost like this
>
> if (NAS-Identifier ==
> "ldap:cn=%{User-Name},ou=Users,dc=marcolinux,dc=local
> (eckAllowedServices)" ) {
You didn't use the same form as the SQL example. The brackets have
*meaning*: %{}
See "man unlang".
Alan DeKok.
More information about the Freeradius-Users
mailing list