Multi-valued LDAP attribute configuration

Srinivasa R srinivasa.r at icts.res.in
Wed Sep 13 13:30:32 CEST 2017


Hi Steffen,

On Tue, Sep 12, 2017 at 10:06 PM, Steffen Klemer <steffen.klemer at gwdg.de>
wrote:

> On Tue, 12.09.2017 at 18:30, Srinivasa R
> <srinivasa.r at icts.res.in> wrote:
>
> > I have installed FreeRADIUS server (Version 3.0.4) on Cent 7 OS and
> > configured the external authentication with 389-DS server using
> > rlm_ldap module. I would like to authenticate the MAC address of all
> > the users which I have stored in LDAP. The macaddress field in LDAP is
> > a multi-value attribute and FreeRADIUS is communicating with LDAP
> > without any issues, but FreeRADIUS is authenticating only the
> > first macaddress value from LDAP's multi-value field.
> >
> > I would like to configure FreeRADIUS to authenticate all the
> > values from the multi-value field. Someone suggested that we can
> > configure this using rlm_python or rlm_perl module. I am not a coder
> > and I am not able to find any step-by-step guide to configure the same.
> > Could someone guide me on how to configure FreeRADIUS to
> > authenticate a multi-valued LDAP attribute?
>
> I used unlang features to implement sth. like this. I think you can
> adapt it to your use case.
>
>
> In the LDAP module I have sth like
>
> update {
>   request:gwdg-user-services += 'userServices'
> }
>
I have updated this in LDAP module:
update {
  request:user-services += 'macAddress'
}


> where userServices is multi-valued and sometimes included
> 'eduroamNotAllowed'
>
>
> In the site I check against all occurrences:
>
> if ( &gwdg-user-services[*] !~ /eduroamNotAllowed/ ) {
> ...
> }
>
But, when I update the following section in /etc/raddb/sites-enabled/default
under authentication section, I am getting the error "Failed to parse "if"
subsection."

if ( &user-services[*] ) {
...
}

Please correct me if I am doing something wrong.

>
> Best regards
> /Steffen
>
> --
> Steffen Klemer                     E-Mail: Steffen.Klemer at gwdg.de
>                                    Tel:    +49 551 201 2170
>
> ------------------------------------------------------------------
> GWDG - Gesellschaft für wissenschaftliche
> Datenverarbeitung mbH Göttingen
> Am Faßberg 11, 37077 Göttingen
>
> Service-Hotline:
> Tel:    +49 551 201-1523
> E-Mail: support at gwdg.de
>
> Contact:
> Tel:    0551 201-1510
> Fax:    0551 201-2150
> E-Mail: gwdg at gwdg.de
> WWW:    https://www.gwdg.de
> ------------------------------------------------------------------
> Managing Director:                 Prof. Dr. Ramin Yahyapour
> Chairman of the Supervisory Board: Prof. Dr. Christian Griesinger
> Registered office:                 Göttingen
> Court of registration: Göttingen, Commercial Register No. B 598
> ------------------------------------------------------------------
> Certified according to ISO 9001
> ------------------------------------------------------------------
>

Regards,

-- 

Srinivas R
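
The difference between comparing only the first value of a multi-valued attribute and comparing every value, as an added Python example that is not part of the original thread and is not FreeRADIUS code. The request is modelled as a list of (name, value) pairs with one pair per LDAP value; the function names and the sample data are assumptions constructed for illustration.

```python
import re

HEX12 = re.compile(r"[0-9a-f]{12}")

def normalize_mac(value):
    """Return 12 lowercase hex digits, or None if value is not a MAC address."""
    digits = re.sub(r"[-:.\s]", "", value).lower()
    return digits if HEX12.fullmatch(digits) else None

def values_of(pairs, name):
    """Collect every value of a possibly repeated attribute (name is case-insensitive)."""
    return [v for n, v in pairs if n.lower() == name.lower()]

def first_value_match(pairs, name, calling_station_id):
    """Behaviour described in the post: only the first stored value is compared."""
    want = normalize_mac(calling_station_id)
    stored = values_of(pairs, name)
    return want is not None and bool(stored) and normalize_mac(stored[0]) == want

def any_value_match(pairs, name, calling_station_id):
    """Desired behaviour: accept if any stored value equals the client's MAC."""
    want = normalize_mac(calling_station_id)
    if want is None:
        return False  # fail closed on a missing or malformed client MAC
    # Malformed stored values normalize to None and therefore never match.
    return any(normalize_mac(v) == want for v in values_of(pairs, name))

# Constructed sample: one user with three values in the multi-valued attribute.
SAMPLE_REQUEST = [
    ("User-Name", "alice"),
    ("user-services", "00:11:22:33:44:55"),
    ("user-services", "66-77-88-99-AA-BB"),
    ("user-services", "not-a-mac"),
]

if __name__ == "__main__":
    for client in ("00-11-22-33-44-55", "6677.8899.aabb", "de:ad:be:ef:00:01"):
        print(client,
              "first-only:", first_value_match(SAMPLE_REQUEST, "user-services", client),
              "any-value:", any_value_match(SAMPLE_REQUEST, "user-services", client))
```

Normalizing both sides before comparison matters because clients and directories rarely agree on separators or letter case in MAC addresses.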

