Preserve ldap attributes after proxy
Tamás Becz
tamas.becz at ericsson.com
Mon Nov 10 15:34:01 CET 2014
Hi,
> > I've done some testing. At this point I think it is important to mention
that
> I'm at 2.1.12. While I made it work, I found some gotchas.
>
> Because 2.1.12 is *old*.
Yes, I know, however that's what RH is shipping currently, unfortunately.
>
> > However I don't see a way in rlm_perl for directly touching control
>
> It should be there. If it's not, upgrade to 2.2.5.
Ok, thanks. Currently that's rather an infrastructural headache, but yep,
that's my issue.
Also, I did look at the source and figured that probably RAD_CHECK and
RAD_CONFIG is essentially both the control list, and found that the wiki
says check is deprecated naming for control. So I just changed ldap.attrmap
to put the attribute as checkItem (which at this point I assume means also
control) instead of replyItem, got rid of all the unlang, and left perl only
in post auth to set $RAD_REPLY{"Filter-Id"} = $RAD_CHECK{"Filter-Id"}; and
it seems to work. However, I'm right now a bit of unsure that what's
happening is really what I think is happening, or just a lucky coincidence
and I'm doing something stupid?
>
> >, so I have to keep unlang around, which is ok, but if I got to call perl
anyway
> then I might as well skip unlang if possible. Is there a way to do that?
>
> Upgrade to a recent version of the server.
>
> In v3, you can do list to list copies. So that's easier.
>
Yep, once we move towards RH7.
Thanks,
tamas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5115 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20141110/ce2d2815/attachment.bin>
More information about the Freeradius-Users
mailing list