Kostas Kalevras wrote:
Erling Paulsen wrote:
I try to make a decision based on checking for a value in a certain
attribute of a LDAP schema. The problem is that this is a multivalued
attribute, and it seems somewhat undefined when I try to check against
it!
My exact problem is checking against a "eduPerson" schema for an
affiliation on an attribute called "eduPersonAffiliation" (which is
multivalued). I want to check if a certain user has the right
affiliation=xxxx before assigning a dynamic Vlan.
I fetch the attribute in Authorization as "LDAP-Affiliation" (mapped
as a checkItem in ldap.attrmap). I've tried checking with the regular
expression operator (i.e. for "staff" affiliation), but it seems to
not give a match. Ex. check-statement from users file:
LDAP-Affiliation :~ .*staff.*
In the LDAP-backend the "eduPersonAffiliation" is shown as containing:
eduPersonAffiliation:
employee
staff
member
Is this a common problem in checking against multivalued attributes,
or is there a way around it?
Any feedback would be appreciated!
- Erling Paulsen
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
You could try using the checkval module which supports multivalued
attributes
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Thank you for your suggestion. I will try it out.
I probably didn't browse the radiusd.conf file thouroughly enough to
notice the definition of this module.
- Erling
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html