Referencing LDAP attributes in post-auth
Adam Track
adamtrack at rocketmail.com
Fri Dec 9 20:35:43 CET 2011
>Full debug please.
>
>Broadly speaking the approach you're trying should work. Most likely
>there's some subtlety which the partial debug doesn't show.
>
>One obvious question: you have defined "Person-Type" in a dictionary
>somewhere, haven't you? e.g. in raddb/dictionary:
>
>ATTRIBUTEPerson-Type3099string
>
>Also, the usual "upgrade 2.1.8 is a bit old" note goes here ;o)
I recently saw another question along the same lines as this, so decided to give this another go...
Am now running 2.1.10, and yes, Person-Type is defined in dictionary and ldap.attrmap. I've also defined in dictionary the following in hopes of passing on the value of Person-Type to this attribute:
ATTRIBUTE Person-Group 3001 string
For the (outer) virtual server, in the authorize block I have the following:
...
ldap
update control {
Person-Group = "%{reply:Person-Type}"
}
...
In post-auth:
...
update reply {
Reply-Message := "You are %{control:Person-Group}."
}
...
I still cannot figure out how to pass this value from authorize to
post-auth. BTW, this is a multi-valued attribute, so what I'm really
trying to do is to call a perl script in post-auth to iterate through
all possible values, and set vlan based on whether a particular value
exists, thus shouldn't be done within authroize. Debug attached (I hope).. can't seem to post with it on here due to 100KB limit.
A.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111209/287e585c/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: debug
Type: application/octet-stream
Size: 66368 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111209/287e585c/attachment.obj>
More information about the Freeradius-Users
mailing list