LDAP group check not working with SQL expansion
Alan DeKok
aland at deployingradius.com
Tue Jul 25 00:19:07 CEST 2017
On Jul 24, 2017, at 5:03 PM, Klara Mall <klara.mall at kit.edu> wrote:
> I'm doing EAP-TTLS/PAP and I have the following policy in the
> authorize section of the inner tunnel virtual server (same behaviour
> when it's in post-auth):
>
> w2vgroupcheck {
> if("%{Stripped-User-Domain}" =~ /^([^\.]+)\.w2v\.kit\.edu$/) {
> if ("%{sql:SELECT COUNT(*) FROM w2v WHERE vlan_name=regexp_replace('%{Stripped-User-Domain}', '\.w2v\.kit\.edu$', '')}" > 0) {
> if (LDAP-Group == "%{sql:SELECT group_name FROM w2v WHERE vlan_name=regexp_replace('%{Stripped-User-Domain}', '\.w2v\.kit\.edu$', '')}") {
It's probably the same issue as:
https://github.com/FreeRADIUS/freeradius-server/issues/1947
Alan DeKok.
More information about the Freeradius-Users
mailing list