configuration for retrieving LDAP security group membership
Alan DeKok
aland at deployingradius.com
Tue Jan 17 19:29:44 CET 2017
> On Jan 17, 2017, at 12:22 PM, Adam Thompson <athompson at uplogix.com> wrote:
>
> Stefan,
>
> I had to change it a little, but your suggestion works - I owe you a beer next time I'm in the UK.
>
> Here's what I ended up with (for posterity):
>
> post-auth {
>
>
> if ("%{reply:Uplogix-JUNK[0]}" =~ /(.*),CN=Users,DC=doc,DC=uplogix,DC=com$/) {
> if ("%{1}" =~ /CN=(.*)/) {

You can simplify those two regular expressions into one:

    if ("%{reply:Uplogix-JUNK[0]}" =~ /CN=([^,]+),CN=Users,DC=doc,DC=uplogix,DC=com$/) {

The key is that ".*" also matches "CN=", which is *not* what you want. So instead of ".*", you use an exclusion list. The simplest is [^,]

i.e. "match CN=, and then grab everything until the next comma".

Alan DeKok.
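
The difference between ".*" and "[^,]+" described in the reply above, as an added example that is not part of the original message or of FreeRADIUS. It uses Python's re module rather than the server's regex engine, the sample DNs are constructed, and the "anchored" variant with a leading "^" is an assumption added here to show a stricter form.

```python
import re

# Suffix taken from the thread; the sample DNs below are constructed.
SUFFIX = r",CN=Users,DC=doc,DC=uplogix,DC=com$"

PATTERNS = {
    # ".*" is greedy and happily swallows commas and further "CN=" parts.
    "greedy": re.compile(r"CN=(.*)" + SUFFIX),
    # Pattern from the reply: stop the capture at the next comma.
    "exclude": re.compile(r"CN=([^,]+)" + SUFFIX),
    # Assumption (not in the thread): also pin the match to the start of the DN.
    "anchored": re.compile(r"^CN=([^,]+)" + SUFFIX),
}

SAMPLES = {
    "direct": "CN=NetAdmins,CN=Users,DC=doc,DC=uplogix,DC=com",
    "nested": "CN=NetAdmins,CN=Nested,CN=Users,DC=doc,DC=uplogix,DC=com",
    "escaped": r"CN=Ops\, East,CN=Users,DC=doc,DC=uplogix,DC=com",
    "other": "CN=NetAdmins,OU=Groups,DC=doc,DC=uplogix,DC=com",
}


def group_cn(pattern_name, dn):
    """Return the captured group name, or None when the DN does not match."""
    m = PATTERNS[pattern_name].search(dn)
    return m.group(1) if m else None


def compare():
    """Map each sample label to what every pattern captures from it."""
    return {
        label: {name: group_cn(name, dn) for name in PATTERNS}
        for label, dn in SAMPLES.items()
    }


if __name__ == "__main__":
    for label, results in compare().items():
        print(f"{label:8} {SAMPLES[label]}")
        for name, value in results.items():
            print(f"    {name:9} -> {value!r}")
```

On the "nested" sample the greedy pattern returns a string that still contains ",CN=", the exclusion-list pattern returns the component directly in front of CN=Users, and the anchored variant returns nothing. A CN containing an escaped comma fails to match both "[^,]+" forms, so no group name is produced for it.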