How to return Filter-ID attribute value for the users in Active Directory?
Alan DeKok
aland at deployingradius.com
Thu Jan 19 19:34:47 CET 2012
suggestme wrote:
> I tried to return the value of Filter-ID as:
>
> authorize {
> ...
> ldap
>
> if (distinguishedName =~ /^[^,]+,OU=([^,]+),/) {
What's "distinguishedName" ?
It's not a RADIUS attribute. Read "man unlang", which explains how
the attributes && variables work.
> In my Active Directory I have the attribute named "distinguishedName" which
> I am using inside "if" statement.
Right... so FreeRADIUS magically knows to go query LDAP when you type
"distinguishedName"?
> If I use "Ldap-UserDN" attribute inside
> "if" statement (as suggested) it says: "No attribute named Ldap-UserDN".
Because it's a control attribute.
> *Why this "if" condition is being evaluated as FALSE?*
Because FreeRADIUS isn't an LDAP server, and doesn't have magic access
to the internals of AD.
> Please correct me if I am doing something wrong.
You need to query the LDAP server for information. The "rlm_ldap"
documentation should describe this.
Alan DeKok.
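
Added example, not part of the original post and not FreeRADIUS code: a standalone Python check of the regex from the quoted authorize block against the kind of DN that Active Directory returns, next to an escape-aware alternative. The sample DNs are constructed, and the helper names and the "deny-all" fallback filter name are hypothetical.

```python
import re

# Regex copied from the quoted authorize block on this page.
PAGE_RE = re.compile(r"^[^,]+,OU=([^,]+),")

def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur))
    return rdns

def ou_by_page_regex(dn):
    """What the page's regex captures as the OU, or None when it does not match."""
    m = PAGE_RE.search(dn)
    return m.group(1) if m else None

def ou_escape_aware(dn):
    """OU of the entry's immediate parent, or None if the parent is not an OU."""
    rdns = split_dn(dn)
    if len(rdns) < 2:
        return None
    key, _, value = rdns[1].partition("=")
    return value if key.strip().upper() == "OU" and value else None

def filter_id_for(dn, default="deny-all"):
    """Fail closed: a DN with no parent OU gets the (hypothetical) default filter."""
    return ou_escape_aware(dn) or default

# Constructed sample DNs, not taken from any real directory.
SAMPLES = [
    "CN=jsmith,OU=Staff,DC=example,DC=com",
    "CN=Doe\\, John,OU=Staff,DC=example,DC=com",   # escaped comma in the CN
    "CN=jsmith,CN=Users,DC=example,DC=com",        # parent is a container, not an OU
]

if __name__ == "__main__":
    for dn in SAMPLES:
        print(dn, "|", ou_by_page_regex(dn), "|", filter_id_for(dn))
```

A CN containing an escaped comma ("Last\, First" style names) makes the page's regex miss, so a policy built on it would return no Filter-ID for that user unless a default is set.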