On Mon, 6 Oct 2003, Najeh Ben Nasrallah wrote: > > > Hi all, > it seems there's a bug within the rlm_ldap module in version 0.9.1. > freeradius fails to insert a multivalue attribue (like cisco-avpair )in > the Access-Accept. > > Note that there another freeradius server v0.8.1 running without > problem with the same ldap directory as backend.
Well, rlm_ldap in 0.8.1 had pairadd() while rlm_ldap in 0.9.X uses pairxlatmove() which honors operators. You should use the += operator to add a multivalue attribute like: radiusVSA: vpdn:nas-password=****** radiusVSA: += vpdn:gw-password=***** > Here's a log exemple : > > > rlm_ldap: looking for reply items in directory... > ... > rlm_ldap: Adding radiusVSA as Cisco-AVPair, value > vpdn:nas-password=***** & op=11 > rlm_ldap: Adding radiusVSA as Cisco-AVPair, value vpdn:gw-password=***** > & op=11 > .... > > Sending Access-Accept of id 118 to 127.0.0.1:43810 > Service-Type = Outbound-User > Tunnel-Server-Auth-Id:1 = "***" > Tunnel-Client-Auth-Id:1 = "***" > Tunnel-Server-Endpoint:1 = "A.B.C.D" > Tunnel-Medium-Type:1 = IP > Tunnel-Type:1 = L2F > Cisco-AVPair = "vpdn:nas-password=******" > <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< missing the other > cisco-avpair. > > Finished request 20 > > > Is it really a bug, or i'm missing someting else. > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
