rlm_ldap and (automagic) xlat
Alan DeKok
aland at deployingradius.com
Fri Oct 29 15:46:33 CEST 2010
Sven Hartge wrote:
...
> | update request {
> | GIFB-NetzAccStatus := "%{ldap:ldap:///dc=fh-giessen-friedberg,dc=de?GIFB-NetzAccStatus?sub?uid=%u}"
> | GIFB-Status := "%{ldap:ldap:///dc=fh-giessen-friedberg,dc=de?GIFB-Status?sub?uid=%u}"
...
> Now, for my rather simple question:
>
> Why can't I just add the following to ldap.attrmap and have the ldap
> module add those two attributes automagically. Why do I have to use two
> separate ldap_xlat queries:
>
> checkItem GIFB-NetzAccStatus GIFB-NetzAccStatus
> checkItem GIFB-Status GIFB-Status
That doesn't seem to be consistent. "update request" versus "checkItem" ?
> I also tried this with "replyItem" instead of checkItem and also tried
> adding ":=" as the operator, but without the separate ldap_xlat queries both
> RADIUS-Attributes are not available after the normal ldap module ran.
>
> It seems I am missing some crucial part of information here or just lack the
> understanding of this part of Freeradius.
They attributes *are* added, to the list that you specified. If you
want to refer to them in a particular list, see "man unlang". Referring
to them a "GIFB-NetzAccStatus" means referring to that attribute in the
*request*, not the *control* list, and not the *reply* list.
Alan DeKok.
More information about the Freeradius-Users
mailing list