I want to add a checkitem from an ldap request and use it later, when the users file is processed.
Therefore I added

checkItem       User-Category                   primaryGroupID

to ldap.attrmap.

The users file contains nothing but:
######################################
HOST/lnxad.tde002.sitest.net User-Category != 515
       Fall-Through = No,

HOST/lnxad.tde002.sitest.net User-Category == 515
       Fall-Through = No,

HOST/lnxad.tde002.sitest.net Auth-Type := Reject
######################################
radiusd -AX :
....
rlm_ldap: looking for check items in directory...
ldap_get_values
ldap_get_values
.....
ldap_get_values
rlm_ldap: Adding LDAP attribute primaryGroupID as RADIUS attribute User-Category == 515
ldap_get_values
rlm_ldap: looking for reply items in directory...
ldap_get_values
...
ldap_get_values
ldap_get_values
rlm_ldap: Adding LDAP attribute primaryGroupID as RADIUS attribute User-Category = 515
ldap_get_values
rlm_ldap: user HOST/lnxad.tde002.sitest.net authorized to use remote access
ldap_msgfree
rlm_ldap: ldap_release_conn: Release Id: 0
 modcall[authorize]: module "ldap1" returns ok for request 0
   users: Matched entry HOST/lnxad.tde002.sitest.net at line 12


This is the last entry of the users file, with Auth-Type := Reject.
Neither of the entries containing the checkitem User-Category
matches.
Am I doing something wrong?

Norbert Wegener
