I want to branch an ldap attribute
西村暢敦 / NISHIMURA,NOBUATSU
nobuatsu.nishimura.dg at ps.hitachi-solutions.com
Fri Jul 19 04:33:09 CEST 2019
Hello.
I want to get vlanId (radiusTunnelPrivateGroupId) of the user I want to authenticate.
Ldap query How should I write?
>You can do dynamic LDAP queries:
>
>authorize {
> ...
> if (specific AP) {
> update reply {
> Tunnel-Private-Group-Id := "{ldap:ldap:///ou=Users,dc=edu,dc=com,uid?sub?radiusTunnelPrivateGroupId?}"
> }
> }
→ Failed parsing expanded string
Is there a description method?
Can I get vlan registered in ldap with any uid?
Thanks
nn
-----Original Message-----
From: Freeradius-Users <freeradius-users-bounces+nobuatsu.nishimura.dg=ps.hitachi-solutions.com at lists.freeradius.org> On Behalf Of Alan DeKok
Sent: Wednesday, July 17, 2019 7:33 PM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: [!]Re: I want to branch an ldap attribute
On Jul 17, 2019, at 2:44 AM, Yuya Yanagi <peacefull64 at gmail.com> wrote:
> There is a request to return the Vlan-id only when connecting to a
> specific AP at the customer's request, and we are struggling to solve
> the problem.
You can do dynamic LDAP queries:
authorize {
...
if (specific AP) {
update reply {
Tunnel-Private-Group-Id := "%{ldap:... LDAP QUERY ....}"
}
}
> I'll show you the mods-available/ldap file.
> I've included mapping file in the update section below, but I want to
> include additional mapping file for specific AP.(Location of the arrow
> mark) But if you include an if statement, you will get an error
> [Invalid location for 'if'].
Yes, because the "if" condition isn't allowed there.
Alan DeKok.
-
List info/subscribe/unsubscribe? See https://clicktime.symantec.com/3EofmZr5EVDowDheUVUbpYU7Vc?u=http%3A%2F%2Fwww.freeradius.org%2Flist%2Fusers.html
More information about the Freeradius-Users
mailing list