Add custom ldap attribute to replies

Angel L. Mateo amateo at
Fri Oct 30 13:37:35 CET 2015


	I have my freeradius connected to an LDAP server.

	I want now to add the CN attribute of my ldap users' entries to the 
freeradius reply. So I have:

- Created a custom attribute (I haven't found any better, is there 
any?). This is the definition in the dictionary:

ATTRIBUTE X-Atica-CN  3002    string

- I have mapped the ldap's cn attribute to this attribute. In my ldap 
module configuration I have:
update {
   reply:X-Atica-CN := 'cn'

- I have changed my authorized file:
DEFAULT Auth-Type = LDAP, Realm != DEFAULT
         User-Name = "%{User-Name}",
         X-Atica-CN = "%{reply:X-Atica-CN}",
         Fall-Through = No

	but when I try with radtest, this custom attribute is not in the reply. 
In the freeradius debug file I can see that the ldap attribute is read 
while parsing the authorize file:

0)     [ldap] = updated
(0) files_aplicaciones: users: Matched entry DEFAULT at line 3
(0) files_aplicaciones: EXPAND %{User-Name}
(0) files_aplicaciones:    --> <my login>
(0) files_aplicaciones: EXPAND %{reply:X-Atica-CN}
(0) files_aplicaciones:    --> <my cn in the ldap>

	but the attribute is not returned to radtest. I have also tried to 
force the inclusion in the post-auth section, with:
   post-auth {
     update reply { reply:X-Atica-CN = &reply:X-Atica-CN }

	and with this, the debug file shows:

(0)     update reply {
(0)       reply:X-Atica-CN = &reply:X-Atica-CN -> <my cn in the ldap>
(0)     } # update reply = noop

	but it is not shown in the radtest reply.

	Any help?

Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
Tfo: 868887590
Fax: 868888337

More information about the Freeradius-Users mailing list