LDAP group check not working with SQL expansion

Alan DeKok aland at deployingradius.com
Tue Jul 25 00:19:07 CEST 2017


On Jul 24, 2017, at 5:03 PM, Klara Mall <klara.mall at kit.edu> wrote:
> I'm doing EAP-TTLS/PAP and I have the following policy in the
> authorize section of the inner tunnel virtual server (same behaviour
> when it's in post-auth):
> 
> w2vgroupcheck {
>    if("%{Stripped-User-Domain}" =~ /^([^\.]+)\.w2v\.kit\.edu$/) {
>        if ("%{sql:SELECT COUNT(*) FROM w2v WHERE vlan_name=regexp_replace('%{Stripped-User-Domain}', '\.w2v\.kit\.edu$', '')}" > 0) {
>            if (LDAP-Group == "%{sql:SELECT group_name FROM w2v WHERE vlan_name=regexp_replace('%{Stripped-User-Domain}', '\.w2v\.kit\.edu$', '')}") {

  It's probably the same issue as:

https://github.com/FreeRADIUS/freeradius-server/issues/1947

  Alan DeKok.



