Unlang - switch case against ldap-group not working
Alan DeKok
aland at deployingradius.com
Thu Jun 11 16:30:28 CEST 2020
On Jun 11, 2020, at 10:15 AM, Jérôme BERTHIER <Jerome.Berthier at inria.fr> wrote:
> I wrote an authorize policy used to update some VPN attributes against specific ldap groups.
>
> I see a different behavior when I use a "switch case" logic versus using "if" condition.
>
> When using "switch case", the ldap module is not called. So, the ldap group is not populated and the test doesn't work.
>
> But if I do the same test using an "if" condition then it works.
Because LDAP-Group is really a short-hand for "search ldap". The LDAP-Group attribute doesn't have one particular value.
> Configuration using "switch case" - not working in authorize section :
>
> switch &Ldap-group {
if the user is in 4 groups, which "case" statement should it choose?
a) only one. If so, which one?
b) all match ones, if so, why?
Just use "if" statements. Because they make sense.
Alan DeKok.
More information about the Freeradius-Users
mailing list