On Tue, Feb 17, 2009 at 11:04 AM, <t...@kalik.net> wrote: >>>>Am I correct in saying that the LDAP-attribute that is mapped to >>>>Tunnel-Private-Group-ID would need to be set to the value of the the >>>>VLAN I require? The LDAP-attribute that I wish to use curently >>>>contains values like "ITISCP" and "ENISCP". I want to say if >>>>attribute value == ITISCP set vlan to 226 (ie Tunnel-Private-Group-ID >>>>= 226). Using ldap.attrmap mappings I would need to store the >>>>required vlan in a LDAP attribute. (I can't change the LDAP only read >>>>it). >>>> >>> >>> No. You can define your own attribute (let's say VLAN-Flag) in >>> raddb/dictionary and use unlang in authorize section to test and set >>> tunnel attributes. >> >>Thanks Ivan, >> >>I've configured a dictionary value "userORGUNIT" and added a >>ldap.attrmap mapping. I've tried to perform a comparison operation >>on the value of userORGUNIT in the config file: users. >> >>i.e DEFAULT userORGUNIT == "HR" >> Tunnel-Private-Group-Id = "226" >> >>But this does not match, even though debug shows "rlm_ldap: Adding >>userORGUNIT as userORGUNIT, value HR & op=21" >> >>Is this the correct location for these comparison operations? There >>are around 50 userORGUNIT''s that I need to compare against. >> > > Files are normally listed before ldap in authorize. Use unlang switch > command *after* ldap entry. Or list files after ldap if you are using an > old version. Ivan,
I'm using version 1.1.3 so, I moved the "files" entry below the ldap entry but my DEFAULT entry in the file: users does not match or return any value. > > Ivan Kalik > Kalik Informatika ISP > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html