force exit on instantiated ldap module
Ramon Escriba
escriba at cells.es
Wed Nov 2 18:31:52 CET 2016
Hi experts,
I'm running a Radius 3.0.10; the config is working fine, I just ask for advice to do one step in a faster way.
I've declared multiple LDAP instances "vlan1,vlan2....vlanN" in /etc/raddb/mods-enabled/ldap.
Each one queries just the ldap subtree assigned to a particular vlan.
Each vlan subtree contains its allowed MACs (uid=mac).
Each mac (uid) has all needed radius attributes for the radius accept packet, that are populated from ldap.
Actually, all ldap instances are asked for every "uid=mac" in order sequence, so if there's a match, the attributes are updated from the ldap.
Unfortunately, if one "mac" matches two ldap instances (ex: vlan1 & vlan2), the last matched instance (vlan2) overwrites the previously populated attributes (vlan1).
My goal is somehow to stop ldap executing the next instances (vlan2, vlan3...N) if the actual one (vlan1) got the jackpot, to avoid so many ldap queries.
Right now I'm forced to use an inverse priority (the last match got the jackpot), that is not the right solution.
Any clues, or advice?
/etc/raddb/sites-available/default
(...)
authorize {
    filter_username
    preprocess
    chap
    mschap
    digest
    suffix
    eap {
        ok = return
    }
    #ldap instance asking for mac in vlan1
    vlan1 {
        ok = return
        #noop = return
    }
    #ldap instance asking for mac in vlan2
    vlan2 {
        ok = return
    }
    (...)
    #ldap instance asking for mac in vlanN
    vlanN {
        ok = return
    }
    files
    expiration
    logintime
}
(....)