I want to branch an ldap attribute

西村暢敦 / NISHIMURA,NOBUATSU nobuatsu.nishimura.dg at ps.hitachi-solutions.com
Fri Jul 19 04:33:09 CEST 2019


I want to get vlanId (radiusTunnelPrivateGroupId) of the user I want to authenticate.
Ldap query How should I write?

>You can do dynamic LDAP queries:
>authorize {
>	...
>	if (specific AP) {
>		update reply {
>			Tunnel-Private-Group-Id := "{ldap:ldap:///ou=Users,dc=edu,dc=com,uid?sub?radiusTunnelPrivateGroupId?}"
>		}
>	}
→ Failed parsing expanded string
Is there a description method?
Can I get vlan registered in ldap with any uid?

-----Original Message-----
From: Freeradius-Users <freeradius-users-bounces+nobuatsu.nishimura.dg=ps.hitachi-solutions.com at lists.freeradius.org> On Behalf Of Alan DeKok
Sent: Wednesday, July 17, 2019 7:33 PM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: [!]Re: I want to branch an ldap attribute

On Jul 17, 2019, at 2:44 AM, Yuya Yanagi <peacefull64 at gmail.com> wrote:
> There is a request to return the Vlan-id only when connecting to a 
> specific AP at the customer's request, and we are struggling to solve 
> the problem.

  You can do dynamic LDAP queries:

authorize {
	if (specific AP) {
		update reply {
			Tunnel-Private-Group-Id := "%{ldap:... LDAP QUERY ....}"

> I'll show you the mods-available/ldap file.
> I've included mapping file in the update section below, but I want to 
> include additional mapping file for specific AP.(Location of the arrow 
> mark) But if you include an if statement, you will get an error 
> [Invalid location for 'if'].

  Yes, because the "if" condition isn't allowed there.

  Alan DeKok.

List info/subscribe/unsubscribe? See https://clicktime.symantec.com/3EofmZr5EVDowDheUVUbpYU7Vc?u=http%3A%2F%2Fwww.freeradius.org%2Flist%2Fusers.html

More information about the Freeradius-Users mailing list