Modifying incoming packets with unlang

Matthew Newton mcn at freeradius.org
Mon Mar 28 10:53:25 UTC 2022


On 28/03/2022 10:49, David le Roux wrote:
> I am migrating from an old raddb instance and one of the changes is that freeradius no longer uses the attr_rewrite module and instead relies on unlang.

>          attr_rewrite copyusertocertcn {
>                  attribute = Cert-CN
>                  new_attribute = yes
>                  searchfor = ""
>                  searchin = packet
>                  replacewith = "%{User-Name}"

update request {
   &Cert-CN := &User-Name
}

>           attr_rewrite removehostportion {
>                  attribute = Cert-CN
>                  searchin = packet
>                  searchfor = "(host/)(.*)"
>                  replacewith = "%{2}"
>                  ignore_case = no
>                  new_attribute = no
>          }


if (&Cert-CN =~ /^host\/(.*)$/) {
   update request {
     &Cert-CN := "%{1}"
   }
}



Or, possibly better all in one depending on your needs, something like

if (&User-Name =~ /^host\/(.*)$/) {
   update request {
     &Cert-CN := "%{1}"
   }
}

(which will leave Cert-CN unset if User-Name doesn't start with "host/")

-- 
Matthew


More information about the Freeradius-Users mailing list