Transformation of the + symbol -- FRS 3.0.11

Mark Williams martialstudy at hotmail.com
Thu Nov 3 12:10:24 CET 2016


Let's try cutting and pasting that again, shall we...


ldap{
    server="localhost"
    port=11389
    base_dn="ou=NIS,o=vt"
    identity="uid=radius,ou=Local,${base_dn}"
    password=blahblahblah
    update{
        control:Password-With-Header+="userPassword"
        control:NT-Password:="ntPassword"
        control:Prohibited:="prohibited"
    }
    user{
        base_dn="ou=People,${..base_dn}"
        filter="(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
        scope="sub"
    }
    group{
        base_dn="ou=Entitlements,${..base_dn}"
        filter="(objectClass=nisEntitlement)"
        scope="sub"
        name_attribute="entitlement"
        membership_filter="(&(entitledUID=%{Stripped-User-Name})(|(!(expirationEpoch=*))(expirationEpoch>=%l)))"
    }
    ...
}


________________________________
From: Freeradius-Users <freeradius-users-bounces+martialstudy=hotmail.com at lists.freeradius.org> on behalf of Mark Williams <martialstudy at hotmail.com>
Sent: Thursday, November 03, 2016 7:04 AM
To: FreeRadius users mailing list
Subject: Re: Transformation of the + symbol -- FRS 3.0.11

The dn includes the nuid, which is a significantly large number we generate randomly when 'People' records are created. Records are similar to this:

dn: nuid=007,ou=People,ou=NIS,o=vt
nuid: 007
uid: bob
sn: bob
cn: CN - bob
objectClass: nisUserAccount
objectClass: inetOrgPerson
objectClass: radiusprofile
prohibited: FALSE
userPassword:: hashedblahblahblah

dn: nuid=008,ou=Entitlements,ou=NIS,o=vt
nuid: 008
entitled: nuid=007,ou=People,ou=NIS,o=vt
entitledUID: bob
entitlement: service.wireless
objectClass: nisEntitlement

We filter on the unique 'uid' field, and then an 'entitleduid' field:

The ldap config in both versions:

ldap {
    server = "localhost"
    port = 11389
    base_dn = "ou=NIS,o=vt"
    identity = "uid=radius,ou=Local,${base_dn}"
    password = blahblahblah
    update {
        control:Password-With-Header += 'userPassword'
        control:NT-Password := 'ntPassword'
        control:Prohibited      := 'prohibited'
    }
    user {
        base_dn = "ou=People,${..base_dn}"
        filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
        scope = 'sub'
    }
    group {
        base_dn = "ou=Entitlements,${..base_dn}"
        filter = "(objectClass=nisEntitlement)"
        scope = 'sub'
        name_attribute = "entitlement"
        membership_filter = "(&(entitledUID=%{Stripped-User-Name})(|(!(expirationEpoch=*))(expirationEpoch>=%l)))"
    }
    ...
}


________________________________
From: Freeradius-Users <freeradius-users-bounces+martialstudy=hotmail.com at lists.freeradius.org> on behalf of Arran Cudbard-Bell <a.cudbardb at freeradius.org>
Sent: Wednesday, November 02, 2016 2:33 PM
To: FreeRadius users mailing list
Subject: Re: Transformation of the + symbol -- FRS 3.0.11


> On Nov 2, 2016, at 2:26 PM, Mark Williams <martialstudy at hotmail.com> wrote:
>
> It does have a special meaning, but the method which FR is escaping the + character seems to have changed since version 3.0.4, and doesn't appear to be working (in my environment at least).

What's the DN of the object you're actually trying to resolve?

-Arran

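An added example, not part of the original thread and not FreeRADIUS's own escaping code: how a user name containing `+` looks once it is substituted into a filter of the shape `(uid=...)` used above, under RFC 4515 filter escaping and under a stricter escaper that also hex-encodes `+`. The user names and the `extra` parameter are constructed for illustration.

```python
import re

# RFC 4515 section 3: these octets must be written as \XX inside a filter value.
FILTER_SPECIALS = {0x00, 0x28, 0x29, 0x2A, 0x5C}  # NUL ( ) * \


def escape_filter_value(value, extra=""):
    """Hex-escape a value before it is placed inside an LDAP search filter.

    `extra` (hypothetical parameter) lists further characters to hex-escape,
    modelling an escaper that also encodes DN specials such as '+'.
    """
    must = FILTER_SPECIALS | {ord(c) for c in extra}
    out = []
    for b in value.encode("utf-8"):
        # Any octet may legally be hex-escaped, so non-ASCII bytes are too.
        out.append("\\%02x" % b if (b in must or b >= 0x80) else chr(b))
    return "".join(out)


def unescape_filter_value(escaped):
    """Decode \\XX pairs the way a directory server reads the value."""
    raw = re.sub(rb"\\([0-9a-fA-F]{2})",
                 lambda m: bytes([int(m.group(1), 16)]),
                 escaped.encode("utf-8"))
    return raw.decode("utf-8")


def user_filter(name, extra=""):
    # Same shape as the user filter in the config above: (uid=<user name>)
    return "(uid=%s)" % escape_filter_value(name, extra)


if __name__ == "__main__":
    name = "bob+wifi"                      # constructed sample user name
    print(user_filter(name))               # '+' is not special in a filter
    print(user_filter(name, extra="+"))    # stricter escaper: '+' becomes \2b
    # Both forms carry the same value once the server decodes the filter.
    print(unescape_filter_value(escape_filter_value(name, extra="+")) == name)
    # Filter metacharacters in a user name are neutralised by escaping.
    print(user_filter("b*b(1)"))           # constructed sample
```

When comparing debug output between versions, a `\2b` in the expanded filter denotes the same value as a literal `+`, so a failed match then has to come from the stored attribute value or from where the string is used (filter versus DN) rather than from the hex form itself.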