RE: Need Assistance please

Tue, 25 May 2004 13:59:19 -0700 

Alan,
I'd first would like to extend my gratitude for answering my email.
I'd also like to apoligize for my confusion.

> Is radius supposed to only return back a single attribute?
>
>  That's what you told it to do.  An attribute with one value (even
>with commas) is very different than attributes with multiple values.
>
>  My suggestion is to create multiple entries in the LDAP schema for
>the Login-LAT-Group, as there is no Login-LAT-GroupS attribute.  Each
>value should then be
>
>       +="User"                (first)
>       +="Change Password"     (second)
>       etc...
>
>  Alan DeKok.

Alan, the "User" "Change Password" "Administrator" etc., are already part of
the LDAP schema (under the attribute securityRole) e.g.
Uid=testuser
                Attribute               Value
                securityRole    Users
                securityRole    testgroup1
                securityRole    testgroup2
                securityRole    Change Password
                securityRole    Luisa Administrator

I've modified the file ldap.attrmap as follow (this is the only change I've
made)

replyItem       Login-LAT-Group securityRole

I thought by modifying this line to match the LDAP attribute it would return
all values for the user (testuser).

When I use NTRadPing the response is:
        Sending authentication request to server test.server:1645
        Transmitting packet, code=1 id=0 length=50
        Received response from the server in 10 milliseconds
        Reply packet code=2 id0 length=27
        Response: Access-Accept
        ----------------attribute dump--------------
        Login-LAT-Group=Users


Can you or anyone suggest any howto site. I've read the LDAP doc and they
don't mention how to do this.  Is this possible?

Thank you

-denis
 
"Rivera, Denis" <[EMAIL PROTECTED]> wrote:
> ---------Attribute Dump---------
> Login-LAT-Groups=Users
> 
> I was expecting the value "Change Password".... and "Users" and "Luisa
> Administrator".
> -------Attribute Dump-----
> Login-LAT-Groups=Users, Change Password, Administrator
> 
> The string "Change Password" has a space in it - is this why the full
string
> is not replied? 

  No.  There's a comma after Users.  If the other space was the
problem, you would see "Users, Change" being returned.





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to