per instance Ldap-Group attribute does not work
Alan DeKok
aland at deployingradius.com
Wed Aug 10 17:26:31 CEST 2016
On Aug 10, 2016, at 11:05 AM, Oleg Palij <o.palij at dp.uz.gov.ua> wrote:
> Got it to work with:
> if !(&ldapdomain1-Ldap-Group == 'vpdn') {
>
> Is it expected behaviour?
For now, yes.
> In freeradius2 it works without &. And default LDAP-Group works without &.
> I can't find info about this change in switching guide as well as in ldap module documentation.
See "man unlang".
In v3, using "&" for attribute names is strongly recommended.
The background reason is that the attribute ldapdomain1-Ldap-Group is created *after* the server reads the configuration files. So the "if" statement is comparing two text strings, and not an attribute and a string.
Using "&" forces the parser to treat "&ldapdomain1-Ldap-Group" as an attribute name.
Alan DeKok.
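The following is an added example, not part of the original message or of the FreeRADIUS project: a small Python check that scans unlang text for `if`/`elsif` conditions referencing an instance-prefixed `*-Ldap-Group` name without the leading `&`, the form the reply above says is compared as a text string rather than as an attribute. The sample configuration and the `ldapdomain2` instance name are constructed for illustration, and the check assumes each condition starts its own line.

```python
import re

# An instance-prefixed group attribute, e.g. "ldapdomain1-Ldap-Group", that is
# not preceded by "&". The lookbehind also rejects mid-name matches and
# "%{...}" expansions. The unprefixed default "LDAP-Group" never matches.
BARE_GROUP = re.compile(r"(?<![\w.&{-])([\w.-]+-Ldap-Group)\b", re.IGNORECASE)
# Assumption: a condition begins its line with "if" or "elsif".
CONDITION = re.compile(r"^\s*(?:if|elsif)\b(.*)$")

# Constructed sample; "ldapdomain2" is a hypothetical second LDAP instance.
SAMPLE = """\
authorize {
    if !(ldapdomain1-Ldap-Group == 'vpdn') {
        reject
    }
    if !(&ldapdomain1-Ldap-Group == 'vpdn') {
        reject
    }
    # if (ldapdomain1-Ldap-Group == 'old') {
    elsif (ldapdomain2-Ldap-Group == 'staff') {
        ok
    }
}
"""


def find_bare_group_refs(config_text):
    """Return (line_number, attribute_name) for each bare reference in a condition."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        cond = CONDITION.match(line)
        if not cond:
            continue  # comment lines and non-condition lines are ignored
        for name in BARE_GROUP.findall(cond.group(1)):
            findings.append((lineno, name))
    return findings


if __name__ == "__main__":
    for lineno, name in find_bare_group_refs(SAMPLE):
        print(f"line {lineno}: '{name}' is compared as a string; write '&{name}'")
```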