How to add VAP based on LDAP group membership

Thomas Stather Thomas.Stather at mpimf-heidelberg.mpg.de
Fri Feb 19 12:01:42 CET 2016


Hi

It still doesn't work

I tried this in "post-auth" section:


        if ("%{redundant_ldap:///ou=hosts,dc=testdomain,dc=de?macAddress?sub}" == %{Calling-Station-Id}) {
          update reply {
             Aruba-User-Vlan = "200"
          }
        }

debug output is:

(12)   post-auth {
(12)     if (Realm == "testdomain.de") {
(12)     if (Realm == "testdomain.de")  -> TRUE
(12)     if (Realm == "testdomain.de")  {
(12)       if ("%{redundant_ldap:///ou=hosts,dc=testdomain,dc=de?macAddress?sub}" == %{Calling-Station-Id}) {
(12)       ERROR: String passed does not look like an LDAP URL
(12)       ERROR: String passed does not look like an LDAP URL
(12)       EXPAND %{redundant_ldap:///ou=hosts,dc=testdomain,dc=de?macAddress?sub}
(12)          -->
(12)       if ("%{redundant_ldap:///ou=hosts,dc=testdomain,dc=de?macAddress?sub}" == %{Calling-Station-Id})  -> FALSE
(12)       else {
(12)         update reply {
(12)           Aruba-User-Vlan = 110
(12)         } # update reply = noop
(12)       } # else = noop
(12)     } # if (Realm == "testdomain.de")  = noop
(12)     ... skipping else for request 12: Preceding "if" was taken
(12)   } # post-auth = noop


What am I doing wrong?

Like I said, I want the "hosts" section (containing all hosts) to be
searched for the MAC address of the connecting client.
An entry in our LDAP "hosts" section looks like this:

cn laptop-test
cn laptop-test.testdomain.de
description Testlaptop
ipHostNumber 192.168.1.100
macAddress 11:22:33:44:55:66
objectClass top
objectClass ipHost
objectClass ieee802Device

Best,
Thomas


On 20.01.2016 at 16:53, Alan DeKok wrote:
> On Jan 20, 2016, at 9:47 AM, Thomas Stather <Thomas.Stather at mpimf-heidelberg.mpg.de> wrote:
>> Ok which one of the following 2 statement is correct:
>    Both might work if you fix the syntax.
>
>    But I suggest *trying* it.  I don't have access to your LDAP database or schema, so I can only offer general help.
>
>    Alan DeKok.

-- 
Thomas Stather
IT Services

Tel:  +49 6221-486 628
Fax: +49 6221-486 561

------------------------------------------------------------------------
Max Planck Institute for Medical Research (MPImF)
Jahnstrasse 29, 69120 Heidelberg
Germany
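
The debug output above rejects the expansion with "String passed does not look like an LDAP URL". As an added example (not part of the original post and not FreeRADIUS code), this Python sketch checks a string against the RFC 4516 LDAP URL layout, assuming the text after `redundant_ldap:` is what the LDAP module validates. `WITH_SCHEME`, `WITH_FILTER` and the function names are constructed for illustration.

```python
from urllib.parse import unquote

SCHEMES = ("ldap://", "ldaps://", "ldapi://")  # schemes this sketch accepts (assumption)

def parse_ldap_url(url):
    """Split an RFC 4516 LDAP URL into its parts; raise ValueError if it is not one."""
    lowered = url.lower()
    scheme = next((s for s in SCHEMES if lowered.startswith(s)), None)
    if scheme is None:
        raise ValueError("String passed does not look like an LDAP URL")
    hostport, _, tail = url[len(scheme):].partition("/")
    # Layout: dn?attributes?scope?filter (a fifth "extensions" field is ignored here).
    fields = tail.split("?") + [""] * 4
    dn, attrs, scope, flt = (unquote(f) for f in fields[:4])
    if scope and scope not in ("base", "one", "sub"):
        raise ValueError("bad scope: " + scope)
    return {
        "host": hostport,
        "base_dn": dn,
        "attrs": [a for a in attrs.split(",") if a],
        "scope": scope or "base",             # RFC 4516 default
        "filter": flt or "(objectClass=*)",   # RFC 4516 default: matches any entry
    }

def check_xlat_argument(arg):
    """Report whether an xlat argument parses and whether it narrows the search."""
    try:
        parts = parse_ldap_url(arg)
    except ValueError as exc:
        return "rejected: %s" % exc
    if parts["filter"] == "(objectClass=*)":
        return "parsed, but no filter: matches every entry under %s" % parts["base_dn"]
    return "parsed: filter %s" % parts["filter"]

# Text following "redundant_ldap:" in the expansion, copied from the debug output.
FROM_POST = "///ou=hosts,dc=testdomain,dc=de?macAddress?sub"
# Constructed variants: with a scheme, and with a filter on the sample entry's MAC.
WITH_SCHEME = "ldap:" + FROM_POST
WITH_FILTER = WITH_SCHEME + "?(macAddress=11:22:33:44:55:66)"

if __name__ == "__main__":
    for arg in (FROM_POST, WITH_SCHEME, WITH_FILTER):
        print(arg, "->", check_xlat_argument(arg))
```

A URL without a filter field parses but selects any entry under `ou=hosts`, so a VLAN decision built on it would not be tied to the connecting client's MAC address.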


