The %{Stripped-User-Name... is being set in the suffix portion of the
authorize section so I added one in front of where I was doing the ldap
uid checking re:

In radiusd.conf I put 
authorize {
        preprocess
        auth_log
$INCLUDE ${raddbdir}/radiusd.my.authorize
        chap
        mschap
        suffix
        ntdomain
...

in radiusd.my.authorize I have
#authorize { #section
#       preprocess #(in radiusd.conf)
#       auth_log #(in radiusd.conf)
#
        group {
                redundant {
                        ip_check
                        ip_check_backup
                }
                mac_check {
                        fail = 1
                }
                suffix
                redundant {
                        uid_check
                        uid_check_backup
                ...

On Tue, 2005-02-15 at 11:22, Mike Sturdee wrote:
> In part of my ldap config section, I obtain the gid with an ldap lookup, 
> then use my ${gid} variable in the groupmembership_filter. Up until 
> recently I had simply been using %{User-Name}, but now have the need to 
> use the check for Stripped-User-Name before using User-Name. That works 
> everywhere but my gid ldap lookup. I included my groupmembership_filter 
> line just to show the context of the ${gid} use.
> 
> Any pointers to what I may need to do differently are appreciated.
> 
> ------------------------------------------------------
> 
> FreeRADIUS Version 1.1.0-pre0, for host i386-unknown-freebsd5.3, built on 
> Dec 17 2004 at 12:56:19
> 
> ------------------------------------------------------
> # radiusd.conf
> 
> gid =  %{ldap1:ldap:///dc=domain,dc=com?gidNumber?sub?\
> (&(uid=%{Stripped-User-Name:-%{User-Name}})(objectClass=%{Realm}))}
> 
> groupname_attribute = cn
> groupmembership_filter = "(&(objectClass=posixGroup)(|(gidNumber=${gid})(memberUid=%{Stripped-User-Name:-%{User-Name}})))"
> 
> ------------------------------------------------------
> # debugging output
> 
> --snip--
> 
> rlm_ldap: Entering ldap_groupcmp()
> radius_xlat:  'dc=domain,dc=com'
> radius_xlat: Running registered xlat function of module ldap1 for string 
> 'ldap:///dc=domain,dc=com?gidNumber?sub?(&(uid=%{Stripped-User-Name'
> rlm_ldap: - ldap_xlat
> radius_xlat:  'ldap:///dc=domain,dc=com?gidNumber?sub?(&(uid=mike'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in dc=domain,dc=com, with filter 
> (&(uid=mike
> rlm_ldap: ldap_search() failed: Bad search filter: (&(uid=mike
> rlm_ldap: Search returned error
> 
> --snip--
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

