[LDAP] User-Profile assigned only if set in user attr radiusProfileDn
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Sun Aug 16 19:38:37 CEST 2015
> On 16 Aug 2015, at 13:31, Zeus Panchenko <zeus at ibs.dn.ua> wrote:
>
> Alan DeKok <aland at deployingradius.com> wrote:
>>> assigned. If not true, the specified User-Profile is not assigned.
>>
>> That's done when the "ldap" module is run in the "authorize" stage.
>> It is NOT done when you manually tell the server to do an LDAP-Group
>> check.
>
> where are the conditions for that check should then be defined?
>
> I hoped to set:
>
> radiusCheckItem='Called-Station-SSID == ABC'
> radiusReplyItem='User-Profile=cn=userprofile1,ou=profiles,ou=RADIUS,dc=xyz'
>
> in user's LDAP object, but it doesn't work ... and if I understood your
> some previous answer, it is not supposed to work this way (at least now)
Ah, they got moved.
So the one you want for using a RADIUS attribute is this one:
https://github.com/FreeRADIUS/freeradius-server/blob/v3.1.x/raddb/mods-available/ldap#L294
And the one you want for using an LDAP attribute is this one:
https://github.com/FreeRADIUS/freeradius-server/blob/v3.1.x/raddb/mods-available/ldap#L300
-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150816/0c59de8c/attachment.sig>
More information about the Freeradius-Users
mailing list