Multi-valued LDAP attribute
Adam Track
adamtrack at rocketmail.com
Wed May 2 19:55:57 CEST 2012
>> In a continuation to my previous issue about how to reference an LDAP
>> attribute in post-auth, I am now wondering how to iterate through a
>> multi-valued attribute in a perl script I call from post-auth. In the
>> debug you can see all three values are returned:
>
> Multi-value attributes are an array in Perl.
>
>> I'm no perl expert, but shouldn't I be able to reference all three
>> values with $RAD_REPLY{'Person-Type'}?
>
> No. That entry is an array. You need @{$RAD_REPLY{'Person-Type'}},
> and then de-reference each entry from there.
>
I'm still having no luck trying to get all of the values off this multi-valued attribute. I believe I've got the Perl syntax correct, but when I try to dereference @{$RAD_REPLY{'Person-Type'}} to check through all values, I get:
rlm_perl: perl_embed:: module = /etc/freeradius/groupcheck.pl , func = post_auth exit status= Can't use string ("employee") as an ARRAY ref while "strict refs" in use at /etc/freeradius/groupcheck.pl line 112.
It appears as though $RAD_REPLY{'Person-Type'} is a string, not an array. If I ask for the value, I get "employee".
But again, all three values are returned:
...
[ldap] looking for reply items in directory...
[ldap] personType -> Person-Type = "employee"
[ldap] personType -> Person-Type = "fulltime"
[ldap] personType -> Person-Type = "it"
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap] user atrack authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
...
I did notice the following in the post-auth debug:
...
rlm_perl: Added pair User-Name = atrack
rlm_perl: Added pair MS-MPPE-Recv-Key = 0xc8bf3146d6b3966f0838e304da9bf9d2
rlm_perl: Added pair Person-Type = employee
rlm_perl: Added pair EAP-Message = 0x03090004
rlm_perl: Added pair MS-MPPE-Send-Key = 0x46948d82b0b42f60dd31e93a0d643790
...
So, for Person-Type, only the one value, employee, is passed to the perl module? Shouldn't there be another two lines of this for the other two values?
I (finally) upgraded to 2.1.12, with the same results. How can I get the other values?
Or, is there a better way to do this?
Thanks,
A.
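
An added example, not part of the original post or of FreeRADIUS: a Perl check that reads Person-Type whether the hash entry is a plain string (the case that triggers the "strict refs" error above) or an array reference, and rejects when no value matches. The helper names, the allowed value "it" and the sample hashes are assumptions; the code does not change which values rlm_perl passes to the script.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Return codes as defined in the example.pl shipped with rlm_perl.
use constant RLM_MODULE_REJECT => 0;
use constant RLM_MODULE_OK     => 2;

# Hypothetical helper: return every value of an attribute as a flat list,
# whether the hash holds a plain string, an array reference, or nothing.
# Checking ref() first avoids dereferencing a string under "strict refs".
sub attr_values {
    my ($pairs, $name) = @_;
    my $v = $pairs->{$name};
    return ()  unless defined $v;
    return @$v if ref($v) eq 'ARRAY';
    return ($v);
}

# Hypothetical policy check: OK only if one of the attribute's values is in
# the allowed list. A missing attribute falls through to REJECT.
sub person_type_allowed {
    my ($pairs, @allowed) = @_;
    my %ok = map { lc($_) => 1 } @allowed;
    for my $value (attr_values($pairs, 'Person-Type')) {
        return RLM_MODULE_OK if $ok{ lc($value) };
    }
    return RLM_MODULE_REJECT;
}

# Constructed sample data covering the three shapes the hash entry can take.
my %multi  = ('Person-Type' => [ 'employee', 'fulltime', 'it' ]);
my %single = ('Person-Type' => 'employee');
my %none   = ();

for my $case ([ multi => \%multi ], [ single => \%single ], [ none => \%none ]) {
    my ($label, $pairs) = @$case;
    my @vals = attr_values($pairs, 'Person-Type');
    printf "%-6s values=[%s] it-allowed=%s\n", $label, join(',', @vals),
        person_type_allowed($pairs, 'it') == RLM_MODULE_OK ? 'yes' : 'no';
}
```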