ldap filter and cert-subject
Sandmann, David
david.sandmann at uni-greifswald.de
Thu Aug 27 14:22:55 CEST 2020
Hi Alan,
Thanks for your advice, Alan.
It works if we use "update request" instead of "update control".
Best regards
David Sandmann
Universitätsrechenzentrum (URZ)
Universität Greifswald
Felix-Hausdorff-Str. 12
17489 Greifswald
Germany
Tel. +49 3834 420 1424
Fax. +49 3834 420 1401
On Tuesday, 25.08.2020 at 17:09, Alan DeKok wrote:
On Aug 25, 2020, at 10:38 AM, Sandmann, David wrote:
> Is it possible to extract the uid from „TLS-Client-Cert-Subject
> := C=DE/../../UID=username“
Yes. You can just use a regular expression.
    if (TLS-Client-Cert-Subject =~ /UID=(.*)/) {
        update control {
            Stripped-User-Name = "%{1}"
        }
    }
If you don't want to use Stripped-User-Name, just edit
raddb/dictionary, and define a local 'string' attribute there.
> in mods-enabled/ldap -> filters?
Edit the filters to use Stripped-User-Name, or whatever else you
defined above.
Alan DeKok.
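
The greedy (.*) in the pattern quoted above captures everything after "UID=", so it yields the bare user name only when UID is the last component of the subject, as in the subject quoted in the thread. The following Python sketch is an added example, not code from the thread or from the FreeRADIUS project; the sample subjects are constructed, and the login-name allow-list and the (uid=...) filter shape are assumptions.

```python
import re

# Constructed subjects in the slash-separated form quoted in the thread.
SUBJECT_UID_LAST = "/C=DE/O=Example University/OU=Staff/UID=jdoe"
SUBJECT_UID_MIDDLE = "/C=DE/O=Example University/UID=jdoe/CN=John Doe"

GREEDY = re.compile(r"UID=(.*)")  # pattern from the thread
# Tighter pattern: UID must begin a component (start of string, or after
# '/' or ','), and the value stops at the next separator.
STRICT = re.compile(r"(?:^|[/,])\s*UID=([^/,]+)")
# Assumption: local policy for login names; adjust to the site's naming rules.
ALLOWED_UID = re.compile(r"[A-Za-z0-9._-]{1,64}")

# RFC 4515 escapes for characters that are special inside a search filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28",
                   ")": r"\29", "\x00": r"\00"}


def capture(pattern, subject):
    """Return the raw first capture group, or None if there is no match."""
    m = pattern.search(subject)
    return m.group(1) if m else None


def extract_uid(subject):
    """Return a validated uid from the subject, or None to reject it."""
    uid = capture(STRICT, subject)
    if uid is None or not ALLOWED_UID.fullmatch(uid.strip()):
        return None
    return uid.strip()


def ldap_escape(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def ldap_filter(uid):
    """Assumed filter shape (uid=<value>); the attribute name is hypothetical."""
    return "(uid=%s)" % ldap_escape(uid)


if __name__ == "__main__":
    for subject in (SUBJECT_UID_LAST, SUBJECT_UID_MIDDLE):
        print(repr(capture(GREEDY, subject)), repr(extract_uid(subject)))
```

A None result from extract_uid means the request should be rejected rather than looked up with a partial or unexpected name.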
More information about the Freeradius-Users
mailing list