Discussion:
set an ldap attribute in the ldap file
Yaël Rozanes
2018-10-24 09:19:25 UTC
Permalink
Hello, everyone,
I would have liked to know if it was possible to "fix" an ldap attr in the ldap file, such as :
Tunnel-Type is always equal to VLAN
and
Tunnel-Medium-Type is always equal to 6
I searched with the operators but I didn't fully understand how they work.
for now my file looks like this:



[...]

update {
control:Password-With-Header += 'userPassword'
# control:NT-Password := 'ntPassword'
# reply:Reply-Message := 'radiusReplyMessage'
# reply:Tunnel-Type := 'radiusTunnelType'
# reply:Tunnel-Medium-Type := 'radiusTunnelMediumType'
# reply:Tunnel-Private-Group-ID := 'radiusTunnelPrivategroupId'
reply:Tunnel-Type := "description"
reply:Tunnel-Medium-Type := "textelibre"
reply:Tunnel-Private-Group-ID := "givenName"

# Where only a list is specified as the RADIUS attribute,
# the value of the LDAP attribute is parsed as a valuepair
# in the same format as the 'valuepair_attribute' (above).
control: += 'radiusControlAttribute'
request: += 'radiusRequestAttribute'
reply: += 'radiusReplyAttribute'
}
[...]


and I would have liked something like this


[...]

reply:Tunnel-Type == "VLAN"
reply:Tunnel-Medium-Type == "6"
reply:Tunnel-Private-Group-ID := "givenName
[...]


in my ldap,

description = VLAN

and textelibre = 6


but I'd like to free these fields from my ldap


thank you in advance for your answers


--------------------------------------------------------------------------------------------------------------

Rozanes Yaël

Student in License ASUR ( france ;)
-
List info/subscribe/unsubscribe?
Alan DeKok
2018-10-24 10:53:04 UTC
Permalink
On Oct 24, 2018, at 5:19 AM, Yaël Rozanes <***@hotmail.fr> wrote:
>
> I would have liked to know if it was possible to "fix" an ldap attr in the ldap file, such as :
> Tunnel-Type is always equal to VLAN
> and
> Tunnel-Medium-Type is always equal to 6

Why? The server has many, many, ways to set attributes. Why not use those?

> I searched with the operators but I didn't fully understand how they work.

The rlm_ldap documentation describes the operators in detail. It describes how the configuration works.

> and I would have liked something like this

No. You can't do that. Don't do that.

> but I'd like to free these fields from my ldap

See "man unlang". Look for "update".

Don't try to invent some new way of doing things. Use the documented wats to do things.

Alan DeKok.


-
List info/subscribe/unsubscribe? See
Yaël Rozanes
2018-10-24 12:06:35 UTC
Permalink
thanks ^^ i return at my researsh ^^



________________________________
De : Freeradius-Users <freeradius-users-bounces+irozanes387=***@lists.freeradius.org> de la part de Alan DeKok <***@deployingradius.com>
Envoyé : mercredi 24 octobre 2018 12:53
À : FreeRadius users mailing list
Objet : Re: set an ldap attribute in the ldap file

On Oct 24, 2018, at 5:19 AM, Yaël Rozanes <***@hotmail.fr> wrote:
>
> I would have liked to know if it was possible to "fix" an ldap attr in the ldap file, such as :
> Tunnel-Type is always equal to VLAN
> and
> Tunnel-Medium-Type is always equal to 6

Why? The server has many, many, ways to set attributes. Why not use those?

> I searched with the operators but I didn't fully understand how they work.

The rlm_ldap documentation describes the operators in detail. It describes how the configuration works.

> and I would have liked something like this

No. You can't do that. Don't do that.

> but I'd like to free these fields from my ldap

See "man unlang". Look for "update".

Don't try to invent some new way of doing things. Use the documented wats to do things.

Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Support & Services<http://www.freeradius.org/list/users.html>
www.freeradius.org
The world's leading RADIUS server. The project includes a GPL AAA server, BSD licensed client and PAM and Apache modules. Full support is available from NetworkRADIUS.

-
List info/subscribe/unsubscribe? See http:/
Loading...