Multi-valued LDAP attribute configuration

Steffen Klemer steffen.klemer at gwdg.de
Tue Sep 12 18:36:37 CEST 2017 

Am Di, 12.09.2017 um 18:30 schrieb Srinivasa R
<srinivasa.r at icts.res.in>:

> I have installed FreeRADIUS server (Version 3.0.4) on Cent 7 OS and
> configured the external authentication with 389-DS server using
> rlm_ldap module. I would like to authenticate the mac address of all
> the user which I have stored in LDAP. The macaddress field in LDAP is
> a multi value attribute and the Freeraiud is communicating with LDAP
> without any issues, but the freeradius is authenticating only the
> first macaddress value from LDAP's multi value field.
> 
> I would like to configure the Freeradius to authenticate all the
> values from multi value filed. Someone suggested that we can
> configure this using rlm_python or rlm_perl module. I am not a coder
> and I am not able to find any step by guide to configure the same.
> Could someone guide me on how to configure the Freeradius to
> authenticate Multi-valued LDAP attribute?

I used unlang features to implement sth. like this. I think you can
adapt it to your use case.


In the LDAP module I have sth like

update {
  request:gwdg-user-services += 'userServices'
}

where userServices is multi-valued and sometimes included
'eduroamNotAllowed'


In the site I check against all occurrences:

if ( &gwdg-user-services[*] !~ /eduroamNotAllowed/ ) {
...
}


lg
/Steffen

-- 
Steffen Klemer                     E-Mail: Steffen.Klemer at gwdg.de
                                   Tel:    +49 551 201 2170

------------------------------------------------------------------
GWDG - Gesellschaft für wissenschaftliche
Datenverarbeitung mbH Göttingen
Am Faßberg 11, 37077 Göttingen

Service-Hotline:
Tel:    +49 551 201-1523
E-Mail: support at gwdg.de

Kontakt:
Tel:    0551 201-1510
Fax:    0551 201-2150
E-Mail: gwdg at gwdg.de
WWW:    https://www.gwdg.de
------------------------------------------------------------------
Geschäftsführer:           Prof. Dr. Ramin Yahyapour
Aufsichtsratsvorsitzender: Prof. Dr. Christian Griesinger
Sitz der Gesellschaft:     Göttingen
Registergericht: Göttingen, Handelsregister-Nr. B 598
------------------------------------------------------------------
Zertifiziert nach ISO 9001
------------------------------------------------------------------

More information about the Freeradius-Users mailing list