Add custom ldap attribute to replies
Angel L. Mateo
amateo at um.es
Fri Oct 30 13:37:35 CET 2015
Hello,
I have my freeradius connected to an LDAP server.
I now want to add the CN attribute of my LDAP users' entries to the
freeradius reply. So I have:
- Created a custom attribute (I haven't found any better, is there
any?). This is the definition in the dictionary:
    ATTRIBUTE X-Atica-CN 3002 string
- I have mapped the ldap's cn attribute to this attribute. In my ldap
module configuration I have:
    update {
        ...
        reply:X-Atica-CN := 'cn'
    }
- I have changed my authorized file:
    DEFAULT Auth-Type = LDAP, Realm != DEFAULT
        User-Name = "%{User-Name}",
        X-Atica-CN = "%{reply:X-Atica-CN}",
        Fall-Through = No
but when I try with radtest, this custom attribute is not in the reply.
In the freeradius debug file I can see that the ldap attribute is read
while parsing the authorize file:
    0) [ldap] = updated
    (0) files_aplicaciones: users: Matched entry DEFAULT at line 3
    (0) files_aplicaciones: EXPAND %{User-Name}
    (0) files_aplicaciones: --> <my login>
    (0) files_aplicaciones: EXPAND %{reply:X-Atica-CN}
    (0) files_aplicaciones: --> <my cn in the ldap>
but the attribute is not returned to radtest. I have also tried to
force the inclusion in the post-auth section, with:
    post-auth {
        update reply { reply:X-Atica-CN = &reply:X-Atica-CN }
        ...
    }
and with this, the debug file shows:
    (0) update reply {
    (0)   reply:X-Atica-CN = &reply:X-Atica-CN -> <my cn in the ldap>
    (0) } # update reply = noop
but it is not shown in the radtest reply.
Any help?
--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868887590
Fax: 868888337