rlm_ldap - inherit user { access_attribute } from profile entry
Peter Payne
freeradius20220411 at abitry.com.au
Fri Apr 15 02:26:31 UTC 2022
In the rlm_ldap module configuration file "ldap" there is a configuration parameter in the "user { }" section named "access_attribute". I have that set to "dialupAccess".
I also have the configuration parameter in the "profile { }" section named "attribute" set to "radiusProfileDn".
My users, in LDAP, all have "radiusProfileDn" set to point to a profile, e.g.:
radiusProfileDn: cn=adsl,ou=radius profiles,o=myorg
And I'd like to put the "dialupAccess" attribute in the profile rather than the user entry, e.g.:
dialupAccess: 1
As far as I can tell there's no attribute value inheritance in LDAP? Short of modifying the source code of rlm_ldap.c and/or the function rlm_ldap_check_access() to explicitly search the profile LDAP entry for the access attribute, are there any other strategies I might consider in order to move the access attribute out of the individual user LDAP entries?
Kind regards,
Peter Payne
Melbourne, Australia