I want to branch an ldap attribute

Alan DeKok aland at deployingradius.com
Fri Jul 19 12:57:06 CEST 2019

On Jul 18, 2019, at 10:33 PM, 西村暢敦 / NISHIMURA,NOBUATSU <nobuatsu.nishimura.dg at ps.hitachi-solutions.com> wrote:.
> I want to get vlanId (radiusTunnelPrivateGroupId) of the user I want to authenticate.
> Ldap query How should I write?

  See LDAP documentation for how to write LDAP queries.

  Then, paste the query into the FreeRADIUS configuration.

>> You can do dynamic LDAP queries:
>> authorize {
>> 	...
>> 	if (specific AP) {
>> 		update reply {
>> 			Tunnel-Private-Group-Id := "{ldap:ldap:///ou=Users,dc=edu,dc=com,uid?sub?radiusTunnelPrivateGroupId?}"

  That isn't correct.  The expansion uses %{...}.

>> 		}
>> 	}
> → Failed parsing expanded string

  Post the debug output.  There is just *no* reason for failing to do this.

> Is there a description method?

  There's lots of documentation for both FreeRADIUS and for LDAP.  

> Can I get vlan registered in ldap with any uid?

  That's a question for LDAP, not FreeRADIUS.

  Alan DeKok.

More information about the Freeradius-Users mailing list