[LDAP] User-Profile assigned only if set in user attr radiusProfileDn
Zeus Panchenko
zeus at ibs.dn.ua
Sat Aug 15 10:34:23 CEST 2015
greetings,
FR 3.0.x git 180e0b27022237a5f75c3c25d7eb1dbded634bad
am I correct to expect User-Profile assigned if user belongs to Ldap-Group?
here is how I supposed to get it working:
---[ file `users' quotation start ]-------------------------------------------
...
DEFAULT Ldap-Group == "wifi-ABC", Called-Station-SSID == "ABC", Login-Time := 'Al0700-2200', User-Profile := "cn=wifi-ABC,ou=profiles,ou=RADIUS,dc=xyz"
Reply-Message := "User-Profile is %{control:User-Profile}",
Fall-Through = no
...
---[ file `users' quotation end ]-------------------------------------------
here is what I have in debug:
---[ debug quotation start ]-------------------------------------------
...
(6) files: Searching for user in group "wifi-ABC"
...
(6) files: User found in group object "ou=groups,ou=RADIUS,dc=xyz"
rlm_ldap (ldap): Released connection (9)
(6) files: users: Matched entry DEFAULT at line 95
(6) files: EXPAND User-Profile is %{control:User-Profile}
(6) files: --> User-Profile is
(6) [files] = ok
rlm_ldap (ldap): Reserved connection (10)
...
(6) ldap: User object found at DN "uid=rad-jdoe,authorizedService=802.1x-eap-tls at xyz,uid=jdoe,ou=People,dc=xyz"
(6) ldap: Waiting for search result...
(6) ldap: Processing user attributes
(6) ldap: control:Cleartext-Password := '********'
(6) ldap: control:Password-With-Header += '********'
r_ldap (ldap): Released connection (326)
(6) [ldap] = updated
...
---[ debug quotation end ]-------------------------------------------
no evidence, profile attributes were searched/processed ...
my user is found to be a part of Ldap-Group, how to know why
User-Profile is not assigned?
in documentation it is written: if user is a part of Ldap-Group, the
User-Profile will be assigned to the user.
the only way, I found, to get User-Profile assigned to user is to set
attribute radiusProfileDn value in user object directly ... but this
causes one-user-one-profile result, what is not the resul I hoped for
where are am I mistaking?
--
Zeus V. Panchenko jid:zeus at im.ibs.dn.ua
IT Dpt., I.B.S. LLC GMT+2 (EET)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 180 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150815/11469248/attachment.sig>
More information about the Freeradius-Users
mailing list