I want to branch an ldap attribute

西村暢敦 / NISHIMURA,NOBUATSU nobuatsu.nishimura.dg at ps.hitachi-solutions.com
Thu Jul 25 02:16:38 CEST 2019

Thanks Alan and Matthew.

I'm sorry, my English is not good.

Solved with the following.

#! /bin/sh 
# /usr/sbin/ldapvlan 
ldapsearch -x -LLL -h 10.0.0.xx -b dc=edu,dc=imc,dc=com \ 
        -D cn=master,dc=edu,dc=imc,dc=com -W mypasswd \ 
        '(uid='${1}')' radiusTunnelPrivateGroupId | sed -n 's/radiusTunnelPrivateGroupId: //p' 

And then in the default faile I have

authorize {
	if (specific AP) {
		update reply {
			Tunnel-Private-Group-Id := "%{exec:/usr/sbin/ldapvlan %{User-Name}}"

We have got vlanid.



-----Original Message-----
From: Freeradius-Users <freeradius-users-bounces+nobuatsu.nishimura.dg=ps.hitachi-solutions.com at lists.freeradius.org> On Behalf Of Alan DeKok
Sent: Monday, July 22, 2019 7:56 PM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: [!]Re: I want to branch an ldap attribute

On Jul 22, 2019, at 5:02 AM, 西村暢敦 / NISHIMURA,NOBUATSU <nobuatsu.nishimura.dg at ps.hitachi-solutions.com> wrote:
> authorize {
> 	...
> 	if (specific AP) {
> 		update reply {
> 			Tunnel-Private-Group-Id := %{ldap:ldap:///ou=Users,dc=edu,dc=kkc,dc=imc,dc=com?uid?sub?uid=%u(radiusTunnelPrivateGroupId)}
> 		}
> 	}
> It will be an error. Do you understand the cause?

  You need to quote the string, as I said to do.  See "man unlang" for documentation.

 	if (specific AP) {
		update reply {
			Tunnel-Private-Group-Id := "%{ldap:ldap:///ou=Users,dc=edu,dc=kkc,dc=imc,dc=com?uid?sub?uid=%u(radiusTunnelPrivateGroupId)}"

> Please tell me the solution.

  Read the documentation.

> Below is my debug output

  You're using "radiusd -Xx" when ALL of the documentation, and posts EVERY DAY on this list say to use "radiusd -X"

  If you're going to ignore the documentation, you will have a hard time configuring the server.

  Alan DeKok.

List info/subscribe/unsubscribe? See https://clicktime.symantec.com/32xxRgbgA7qGH5v3rGs5yjb7Vc?u=http%3A%2F%2Fwww.freeradius.org%2Flist%2Fusers.html

More information about the Freeradius-Users mailing list