> Hello again, I have a string attribute named Relaciones in my ldap.
>
> This attribute can have more than one value. Actually I return those values
> in the reply:
>
> Sending Access-Accept of id 229 to X.X.X.X port 32796
>         Relaciones += "-11"
>         Relaciones += "03"
>         Relaciones += "-01"
>
> I want to authorize the access only if there is one attribute Relaciones
> with a positive value. So I would like to use unlang in authorize module to
> check all the attributes "Relaciones" with a regex, but I don't know how can
> I check all the attributes, and how can I stop processing the attributes if I
> found one without a minus sign.
>
>
> if ("%{reply:Relaciones}" =~ /^([0-9]{2})/) {
>
> }
>
>

Maybe I can check the value with a check item:

#cat /etc/freeradius/ldap.attrmap
checkItem       NT-Password             ntPassword
checkItem       Relaciones              Relaciones      ~= /^([0-9]{2})/
replyItem       Nombre-Completo         sn
replyItem       Relaciones              Relaciones      +=

Anyway, I tested both ideas, but they don't work:

[ldap] looking for check items in directory...
[ldap] ntPassword -> NT-Password == 0x3...
[ldap1] looking for reply items in directory...
[ldap1] Relaciones -> Relaciones += "-11"
[ldap1] Relaciones -> Relaciones += "03"
[ldap1] Relaciones -> Relaciones += "-01"
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap1] user XXX authorized to use remote access
[ldap1] ldap_release_conn: Release Id: 0
++++[ldap1] returns ok
++++? if (fail)
? Evaluating (fail) -> FALSE
++++? if (fail) -> FALSE
++++- entering else else {...}
+++++? if ("%{reply:Relaciones}" =~ /^([0-9]{2})/)
        expand: %{reply:Relaciones} -> -11
? Evaluating ("%{reply:Relaciones}" =~ /^([0-9]{2})/) -> FALSE
+++++? if ("%{reply:Relaciones}" =~ /^([0-9]{2})/) -> FALSE
++++- else else returns ok

Any ideas?

Thank you very much.

____________________
Ana Gallardo Gómez
____________________