Referencing LDAP attributes in post-auth
Alan DeKok
aland at deployingradius.com
Sat Dec 10 10:48:09 CET 2011
Adam Track wrote:
> I recently saw another question along the same lines as this, so decided
> to give this another go...
> Am now running 2.1.10, and yes, Person-Type is defined in dictionary and
> ldap.attrmap. I've also defined in dictionary the following in hopes of
> passing on the value of Person-Type to this attribute:
>
> ATTRIBUTE Person-Group 3001 string
>
> For the (outer) virtual server, in the authorize block I have the following:
> ...
> ldap
> update control {
>     Person-Group = "%{reply:Person-Type}"
> }
That should work.
> In post-auth:
> ...
> update reply {
>     Reply-Message := "You are %{control:Person-Group}."
> }
> ...
And that should work too.
> I still cannot figure out how to pass this value from authorize to
> post-auth.
It works for PAP. The only reason it doesn't work is you're running
EAP, and that's more complicated.
> BTW, this is a multi-valued attribute, so what I'm really
> trying to do is to call a perl script in post-auth to iterate through
> all possible values, and set vlan based on whether a particular value
> exists, thus shouldn't be done within authorize. Debug attached (I
> hope).. can't seem to post with it on here due to 100KB limit.
There's no need for a 100KB debug output. Try a *simple* test.
Alan DeKok.