I want to branch an ldap attribute

Coy Hile coy.hile at coyhile.com
Thu Jul 25 03:17:02 CEST 2019 

Please don’t ever bemoan your skill with English. I assure you it is much better than many native English speakers (myself included!) would fare in a great many languages, especially when discussing technical topics. 


Sent from my iPhone

> On Jul 24, 2019, at 20:16, 西村暢敦 / NISHIMURA,NOBUATSU <nobuatsu.nishimura.dg at ps.hitachi-solutions.com> wrote:
> 
> Thanks Alan and Matthew.
> 
> I'm sorry, my English is not good.
> 
> Solved with the following.
> 
> -------
> #! /bin/sh 
> # /usr/sbin/ldapvlan 
> 
> ldapsearch -x -LLL -h 10.0.0.xx -b dc=edu,dc=imc,dc=com \ 
>        -D cn=master,dc=edu,dc=imc,dc=com -W mypasswd \ 
>        '(uid='${1}')' radiusTunnelPrivateGroupId | sed -n 's/radiusTunnelPrivateGroupId: //p' 
> -------
> 
> And then in the default faile I have
> 
> authorize {
>    ...
>    if (specific AP) {
>        update reply {
>            Tunnel-Private-Group-Id := "%{exec:/usr/sbin/ldapvlan %{User-Name}}"
>        }
>    }
> 
> We have got vlanid.
> 
> thanks
> 
> n.n
> 
> -----Original Message-----
> From: Freeradius-Users <freeradius-users-bounces+nobuatsu.nishimura.dg=ps.hitachi-solutions.com at lists.freeradius.org> On Behalf Of Alan DeKok
> Sent: Monday, July 22, 2019 7:56 PM
> To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
> Subject: [!]Re: I want to branch an ldap attribute
> 
>> On Jul 22, 2019, at 5:02 AM, 西村暢敦 / NISHIMURA,NOBUATSU <nobuatsu.nishimura.dg at ps.hitachi-solutions.com> wrote:
>> authorize {
>>    ...
>>    if (specific AP) {
>>        update reply {
>>            Tunnel-Private-Group-Id := %{ldap:ldap:///ou=Users,dc=edu,dc=kkc,dc=imc,dc=com?uid?sub?uid=%u(radiusTunnelPrivateGroupId)}
>>        }
>>    }
>> 
>> It will be an error. Do you understand the cause?
> 
>  You need to quote the string, as I said to do.  See "man unlang" for documentation.
> 
>    if (specific AP) {
>        update reply {
>            Tunnel-Private-Group-Id := "%{ldap:ldap:///ou=Users,dc=edu,dc=kkc,dc=imc,dc=com?uid?sub?uid=%u(radiusTunnelPrivateGroupId)}"
>        }
>    }
> 
>> Please tell me the solution.
> 
>  Read the documentation.
> 
>> Below is my debug output
> 
>  You're using "radiusd -Xx" when ALL of the documentation, and posts EVERY DAY on this list say to use "radiusd -X"
> 
>  If you're going to ignore the documentation, you will have a hard time configuring the server.
> 
>  Alan DeKok.
> 
> 
> -
> List info/subscribe/unsubscribe? See https://clicktime.symantec.com/32xxRgbgA7qGH5v3rGs5yjb7Vc?u=http%3A%2F%2Fwww.freeradius.org%2Flist%2Fusers.html
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list