rlm_ldap and (automagic) xlat
Sven Hartge
sven at svenhartge.de
Fri Oct 29 17:56:13 CEST 2010
Alan DeKok <aland at deployingradius.com> wrote:
> Sven Hartge wrote:
> ...
>> | update request {
>> | GIFB-NetzAccStatus := "%{ldap:ldap:///dc=fh-giessen-friedberg,dc=de?GIFB-NetzAccStatus?sub?uid=%u}"
>> | GIFB-Status := "%{ldap:ldap:///dc=fh-giessen-friedberg,dc=de?GIFB-Status?sub?uid=%u}"
> ...
>> Now, for my rather simple question:
>>
>> Why can't I just add the following to ldap.attrmap and have the ldap
>> module add those two attributes automagically. Why do I have to use two
>> separate ldap_xlat queries:
>>
>> checkItem GIFB-NetzAccStatus GIFB-NetzAccStatus
>> checkItem GIFB-Status GIFB-Status
> That doesn't seem to be consistent. "update request" versus "checkItem" ?
Correct. This was my configuration _before_ I used the "update request"
method to get this information. As I said: this was just a
misunderstanding of the involved mechanisms on my side.
>> I also tried this with "replyItem" instead of checkItem and also
>> tried adding ":=" as the operator, but without the separate ldap_xlat
>> queries both RADIUS-Attributes are not available after the normal
>> ldap module ran.
>>
>> It seems I am missing some crucial part of information here or just
>> lack the understanding of this part of Freeradius.
> They attributes *are* added, to the list that you specified. If you
> want to refer to them in a particular list, see "man unlang".
> Referring to them a "GIFB-NetzAccStatus" means referring to that
> attribute in the *request*, not the *control* list, and not the
> *reply* list.
Ah! I need to use "%{control:GIFB-NetzAccStatus}".
Thank you, this was just the little nudge, I needed.
Just out of curiosity: is there an easy way to see the whole contents of
all lists while debugging? This would have saved me this question, as I
could have easily spottet my data in the output.
Grüße,
S°
--
Sig lost. Core dumped.
More information about the Freeradius-Users
mailing list