[EXT] Re: WPA-EAP configuration with LDAP backend calls ldap module twice
Mark van Reijn
mvreijn at idfocus.nl
Wed Mar 20 18:47:51 CET 2019
> On 20 Mar 2019, at 18:08, Brian Julin <BJulin at clarku.edu> wrote:
>
> We had to do a few byzantine things to minimize LDAP calls on our setup.
>
> See http://lists.freeradius.org/pipermail/freeradius-users/2016-January/081595.html
>
Thank you!
Combining your setup with Alan's earlier suggestions, I now have a working setup which only calls ldap once.
I have altered the call to ldap in the inner server as follows:
# Only query LDAP if the trigger is not yet present in the outer session-state
if (! &outer.session-state:NIVO-LDAP-Trigger) {
    ldap
    # Cache the LDAP results in the outer session-state and set the trigger
    update outer.session-state {
        User-Profile := "%{ldap:ldap:///ou=groups,o=vault?nivoRadiusProfileDN?one?(&(member=%{control:Ldap-UserDN})(nivoRadiusProfileDN=*))}"
        Tunnel-Type := &reply:Tunnel-Type
        Tunnel-Private-Group-ID := &reply:Tunnel-Private-Group-ID
        Tunnel-Medium-Type := &reply:Tunnel-Medium-Type
        NIVO-LDAP-Trigger := "ldapdone"
    }
}
Thank you all for the help!
Cheers,
Mark