multi-valued ldap-group attributes in rlm_cache
Zenon Mousmoulas
zmousm at noc.grnet.gr
Sat Aug 2 11:41:22 CEST 2014
Hi,
I am trying to cache ldap group membership like this:
modules {
    ldap ldap_xyz {
        [...]
        group {
            base_dn = "ou=Groups,dc=koko,dc=lala"
            filter = "(objectClass=groupOfNames)"
            membership_attribute = "memberOf"
            cacheable_name = "yes"
        }
    }
    cache cache_xyz {
        [...]
        update {
            &control:ldap_xyz-Ldap-Group += &control:ldap_xyz-Ldap-Group
        }
    }
}
[...]
authorize {
    [...]
    update control {
        Cache-Read-Only := yes
    }
    cache_xyz
    if (notfound) {
        ldap_xyz
        cache_xyz
    }
    [...]
}
I can see rlm_ldap populate control:Ldap-Group:
Sat Aug 2 12:12:55 2014 : Debug: Added control:ldap_xyz-Ldap-Group with value "abc"
Sat Aug 2 12:12:55 2014 : Debug: Added control:ldap_xyz-Ldap-Group with value "def"
[...]
But it looks like rlm_cache only caches the first value:
Sat Aug 2 12:12:56 2014 : Debug: (4) cache_xyz : Adding to cache entry:
Sat Aug 2 12:12:56 2014 : Debug: (4) cache_xyz : control:ldap_xyz-Ldap-Group += &ldap_xyz-Ldap-Group -> 'abc'
And the next cache lookup only shows the first value:
Sat Aug 2 12:13:02 2014 : Debug: (9) cache_xyz : Merging cached control list:
Sat Aug 2 12:13:02 2014 : Debug: (9) cache_xyz : ldap_xyz-Ldap-Group += 'abc'
Is this supposed to work? I am using 3.0.4 rc1.
Thanks,
Z.