[LDAP] User-Profile assigned only if set in user attr radiusProfileDn

Arran Cudbard-Bell a.cudbardb at freeradius.org
Sun Aug 16 21:03:36 CEST 2015


> On 16 Aug 2015, at 14:55, Zeus Panchenko <zeus at ibs.dn.ua> wrote:
> 
> Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
> 
>> So the one you want for using a RADIUS attribute is this one:
>> 
>> https://github.com/FreeRADIUS/freeradius-server/blob/v3.1.x/raddb/mods-available/ldap#L294
>> 
> 
> no, it is not the one
> 
> I want not the default profile but the way to assign definite one to the
> user belonging to some definite group

I'm starting to understand why Alan gets annoyed with list users.

I wrote a good portion of that code.  I know EXACTLY how it works.  You did not write the code, you have no idea how it works, yet you're saying my advice is incorrect, and you're basing this on a bad mental model of how the server works, created from outdated documentation. Great.

Edit mods-available/ldap

Set default like this:

ldap {
	...
	profile {
		...
		default = &control:User-Profile
	}
}

Edit sites-available/default

Call the modules in authorize in this order:

authorize {
	files
	debug_control
	ldap
}

It will work, it will do what you want.

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150816/1cee2405/attachment-0001.sig>


More information about the Freeradius-Users mailing list