-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greetings,
I'm looking for some information on optimizing some of the
configuration I've made in my freeradius 2.2.0 installation.
Specifically, I need to set a variable based on the LDAP Group
membership of a user. I'm doing this in the post-auth section at the
moment, which I think is correct. The syntax I'm using is as follows :
if (LDAP-Group == "cn=violations,ou=groups,o=mycorp") {
update request {
Tmp-String-0 := "VIOLATORS"
}
}
elsif (LDAP-Group == "cn=guests,ou=groups,o=mycorp") {
update request {
Tmp-String-0 := "GUEST"
}
}
This seems to work fine, but I'm not sure if this is the right way to
go about it. LDAP is getting a query for each if statement which
seems a little much? Is there a way to have the full memberOf list
sent back to RADIUS in one shot and then have it processed internally
without having to beat up LDAP?
I had tried to use a switch/case statement to do this as well, but
that doesn't seem to work. Two questions here. First, is switch/case
better to use for this or is it functionally equivalent to the
if/elsif statement? And second, the syntax I used is below.. Did I do
something wrong, or is this not supported?
switch LDAP-Group {
case "cn=violations,ou=groups,o=mycorp" {
update request {
Tmp-String-0 := "VIOLATORS"
}
}
case "cn=guests,ou=groups,o=mycorp" {
update request {
Tmp-String-0 := "GUEST"
}
}
}
Thanks,
- --
- ---------------------------
Jason 'XenoPhage' Frisvold
[email protected]
- ---------------------------
"Any sufficiently advanced magic is indistinguishable from technology.\"
- - Niven's Inverse of Clarke's Third Law
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlF5drEACgkQO80o6DJ8Uvnx4gCdEOriy/lBK5P/AbV1CsiS3YbO
zlQAn02AmVmfUbKlz0LmfWTu0Hi8tKq0
=F8oD
-----END PGP SIGNATURE-----
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
