Transformation of the + symbol -- FRS 3.0.11
Mark Williams
martialstudy at hotmail.com
Thu Nov 3 12:10:24 CET 2016
Let's try cutting and pasting that again, shall we...
ldap{
    server="localhost"
    port=11389
    base_dn="ou=NIS,o=vt"
    identity="uid=radius,ou=Local,${base_dn}"
    password=blahblahblah
    update{
        control:Password-With-Header+="userPassword"
        control:NT-Password:="ntPassword"
        control:Prohibited:="prohibited"
    }
    user{
        base_dn="ou=People,${..base_dn}"
        filter="(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
        scope="sub"
    }
    group{
        base_dn="ou=Entitlements,${..base_dn}"
        filter="(objectClass=nisEntitlement)"
        scope="sub"
        name_attribute="entitlement"
        membership_filter="(&(entitledUID=%{Stripped-User-Name})(|(!(expirationEpoch=*))(expirationEpoch>=%l)))"
    }
    ...
}
________________________________
From: Freeradius-Users <freeradius-users-bounces+martialstudy=hotmail.com at lists.freeradius.org> on behalf of Mark Williams <martialstudy at hotmail.com>
Sent: Thursday, November 03, 2016 7:04 AM
To: FreeRadius users mailing list
Subject: Re: Transformation of the + symbol -- FRS 3.0.11
The dn includes the nuid, which is a significantly large number we generate randomly when 'People' records are created. Records are similar to this:

dn: nuid=007,ou=People,ou=NIS,o=vt
nuid: 007
uid: bob
sn: bob
cn: CN - bob
objectClass: nisUserAccount
objectClass: inetOrgPerson
objectClass: radiusprofile
prohibited: FALSE
userPassword:: hashedblahblahblah

dn: nuid=008,ou=Entitlements,ou=NIS,o=vt
nuid: 008
entitled: nuid=007,ou=People,ou=NIS,o=vt
entitledUID: bob
entitlement: service.wireless
objectClass: nisEntitlement

We filter on the unique 'uid' field, and then an 'entitleduid' field:
The ldap config in both versions:
ldap {
    server = "localhost"
    port = 11389
    base_dn = "ou=NIS,o=vt"
    identity = "uid=radius,ou=Local,${base_dn}"
    password = blahblahblah
    update {
        control:Password-With-Header += 'userPassword'
        control:NT-Password := 'ntPassword'
        control:Prohibited := 'prohibited'
    }
    user {
        base_dn = "ou=People,${..base_dn}"
        filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
        scope = 'sub'
    }
    group {
        base_dn = "ou=Entitlements,${..base_dn}"
        filter = "(objectClass=nisEntitlement)"
        scope = 'sub'
        name_attribute = "entitlement"
        membership_filter = "(&(entitledUID=%{Stripped-User-Name})(|(!(expirationEpoch=*))(expirationEpoch>=%l)))"
    }
    ...
}
________________________________
From: Freeradius-Users <freeradius-users-bounces+martialstudy=hotmail.com at lists.freeradius.org> on behalf of Arran Cudbard-Bell <a.cudbardb at freeradius.org>
Sent: Wednesday, November 02, 2016 2:33 PM
To: FreeRadius users mailing list
Subject: Re: Transformation of the + symbol -- FRS 3.0.11
> On Nov 2, 2016, at 2:26 PM, Mark Williams <martialstudy at hotmail.com> wrote:
>
> It does have a special meaning, but the method which FR is escaping the + character seems to have changed since version 3.0.4, and doesn't appear to be working (in my environment at least).
What's the DN of the object you're actually trying to resolve?
-Arran
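
Background for the thread's subject, as an added example that is not part of the original messages and is not FreeRADIUS's own escaping code: under RFC 4514 the + character is special inside a DN, while under RFC 4515 it is an ordinary character inside a search filter value. The uid-keyed DN shape and the sample user names are constructed for illustration.

```python
# Added illustration: RFC 4515 (filter) vs RFC 4514 (DN) escaping of one value.
# Not FreeRADIUS code; the DN shape and sample names below are constructed.

FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value):
    """Escape a value for use as an attribute value inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '"+,;<>\\':
            # Characters that are always special in a DN, '+' included.
            out.append("\\" + ch)
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            # Leading space or '#', and trailing space, must also be escaped.
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def user_filter(name):
    # Same shape as the thread's user filter, "(uid=<name>)".
    return "(uid=%s)" % escape_filter_value(name)


def user_dn(name):
    # Hypothetical DN keyed on the user name (the thread's DNs use nuid).
    return "uid=%s,ou=People,ou=NIS,o=vt" % escape_dn_value(name)


if __name__ == "__main__":
    for name in ("bob", "bob+wifi", "bob)(uid=*"):  # constructed inputs
        print(repr(name), "->", user_filter(name), "|", user_dn(name))
```

The same input therefore needs different escaping depending on whether it lands in a filter or in a DN, which is why a change in how + is escaped can alter what a lookup matches.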