[LDAP] User-Profile assigned only if set in user attr radiusProfileDn
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Sun Aug 16 21:03:36 CEST 2015
> On 16 Aug 2015, at 14:55, Zeus Panchenko <zeus at ibs.dn.ua> wrote:
>
> Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
>
>> So the one you want for using a RADIUS attribute is this one:
>>
>> https://github.com/FreeRADIUS/freeradius-server/blob/v3.1.x/raddb/mods-available/ldap#L294
>>
>
> no, it is not the one
>
> I want not the default profile but the way to assign definite one to the
> user belonging to some definite group
I'm starting to understand why Alan gets annoyed with list users.
I wrote a good portion of that code. I know EXACTLY how it works. You did not write the code, you have no idea how it works, yet you're saying my advice is incorrect, and you're basing this on a bad mental model of how the server works, created from outdated documentation. Great.
Edit mods-available/ldap
Set default like this:
ldap {
...
profile {
...
default = &control:User-Profile
}
}
Edit sites-available/default
Call the modules in authorize in this order:
authorize {
files
debug_control
ldap
}
It will work, it will do what you want.
-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150816/1cee2405/attachment-0001.sig>
More information about the Freeradius-Users
mailing list