Proxy decision based on LDAP lookups and Radius_client match.

[Alan DeKok]

Frank Skovboel wrote:
> Thank you for your help, it's up and running now, I do have a few follow up questions to try and see if I can make changes to the configuration a bit more simple.
> 
> Is there a way to refer to the client shortname in the sites-enabled/default authorize section, so I only need to have the IP in one place? or even better is there a way I can group clients so I can test on the group in sites-enabled/default authorize section?

  Add fields to the "client" section.

  It's not well known, but the configuration file is a pretty powerful
key-value store.  Anything that is well formatted is accepted, and used
as key/value.  You can then look up those keys at run time.

client foo {
	... normal values ...

	mything = hello
}

  That *will* be parsed and accepted.

  You can then do:

authorize {
	...
	if ("%{client:mything}" == "hello") {
		... do stuff ...
	}
	...
}

  This lets you apply arbitrary labels to clients, and to look up those
arbitrary labels at run time.

  Alan DeKok.