How does Stripped-User-Name get evaluated?

Nick Howitt nick at
Tue Apr 17 15:59:38 CEST 2018

I am doing an ldap lookup with /etc/raddb/mods-available/ldap:
     user {
         base_dn = "${..base_dn}"
         filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"

It comes back correctly with a simple username, but with a Domain 
username such as "test/MINI-1.CLEARSYSTEM" it always tries to look up 
user "test/MINI-1.CLEARSYSTEM".


    filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"


    filter = "(uid=%{Stripped-User-Name})"

looks up a blank user and

    filter = "(uid=%{User-Name})"

looks up user "test/MINI-1.CLEARSYSTEM" which fails.
I think I am thinking is the function creating Stripped-User-Name is not 
being called. If so, how can I fix it?



More information about the Freeradius-Users mailing list