I can not use an additional attribute to store the information I need. The ldap server I am requesting is modularized (and I don't manage it), and I can not modify its structure.
In order to check the authorise status of the user in need to check its status in the sql base. The username (for the database, it's not the radius username, used for authentifiaction), is stored in the ldap in the multi valued attribute "SystemId". SystemId is instanciate 3 times (or more) for each user : SystemId = LoginSql=USER SystemId = LoginWindows=toto SystemId = LoginZozo=L00000 I need only one value, the one stating with "LoginSql=" I tried many things without success, but each time I'm not sure about the syntax. What solution would be possible ? 1: Force rlm_ldap to store only the systemId starting with "LoginSql=" in the replyitem ? I was thinking I can use regex in a way with this module but didn't manage... 2 Store all the different value of SystemId using each time the same radius attribute (eg Callback-Number) Filter the attributes in order to strip all Callback-Number but the one stating with LoginSql, before it is process by rlm_sql => I didn't find how to store multi valued attribute I was looking for a xlat syntax wich would return only the value I need (like a ldapsearch <search parameters> | grep "LoginSql=") but I looks not possible. If all the above a not possible I think I will have to patch the rlm_ldap, but really I would like to avoid this as my last C developpement is far far away... Any another idee ? Aurélien -----Message d'origine----- De : freeradius-users-bounces+aurelien.jund=sfr....@lists.freeradius.org [mailto:freeradius-users-bounces+aurelien.jund=sfr....@lists.freeradius.org] De la part de Alan DeKok Envoyé : mardi 13 juillet 2010 10:54 À : FreeRadius users mailing list Objet : Re: Filter multivalued attributes in rlm_sql JUND wrote: > When I use : > > sql_user_name = "%{reply:Callback-Number}" > > I always get the first value of the Callback-Number, That's the way it works. See "man unlang" for how to reference a specific variable. > but I would like to > use only the one starting with "TEST=". Is there a way to filter a > multivalued atytribute to use it for the sql_user_name? Not really, no. I suggest adding the data into an *additional* attribute, and using that. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
