Multi-valued LDAP attribute configuration
Matthew Newton
mcn at freeradius.org
Wed Sep 13 22:12:03 CEST 2017
On Wed, 2017-09-13 at 22:51 +0530, Srinivasa R wrote:
> # it section, People, icts.res.in
> dn: cn=it section,ou=People,dc=XXXX,dc=XXX,dc=XX
> objectClass: posixAccount
> objectClass: inetOrgPerson
> objectClass: organizationalPerson
> objectClass: person
> objectClass: top
> objectClass: ieee802Device
> homeDirectory: /home/it
> loginShell: /bin/bash
> uid: it
> cn: it section
> uidNumber: 10001
> gidNumber: 10000
> sn: section
> givenName: it
> telephoneNumber:
> mobile:
> macAddress: 28:f1:0e:2a:c1:ac
> macAddress: e4:a4:71:a3:88:6f
> macAddress: 0c:c4:7a:22:63:23
I'm probably missing something here, but can't you just get your LDAP
server to do the searching for you? i.e. update the ldap filter to
something like
filter = "(&(uid=%{%{Stripped-User-Name}:-%{User-
Name}})(macAddress=%{Calling-Station-Id}))"
If that returns ok, both User-Name and Calling-Station-Id matched. If
not, then one or other or both didn't.
--
Matthew
More information about the Freeradius-Users
mailing list