ldap filter and cert-subject
Alan DeKok
aland at deployingradius.com
Tue Aug 25 17:09:18 CEST 2020
On Aug 25, 2020, at 10:38 AM, Sandmann, David <david.sandmann at uni-greifswald.de> wrote:
> Is it possible to extract the uid from „TLS-Client-Cert-Subject
> := C=DE/../../UID=username“
Yes. You can just use a regular expression.
if (TLS-Client-Cert-Subject =~ /UID=(.*)/) {
update control {
Stripped-User-Name = "%{1}"
}
}
If you don't want to use Stripped-User-Name, just edit raddb/dictionary, and define a local 'string' attribute there
> in mods-enabled/ldap -> filters?
Edit the filters to use Stripped-User-Name, or whatever else you defined above.
Alan DeKok.
More information about the Freeradius-Users
mailing list