Adam Track wrote: > I'm still having no luck trying to get all of the values off this > multi-valued attribute.. I believe I've got the perl syntax correct but > when I try to dereference @{$RAD_REPLY{'Person-Type'}} to check through > all values, I get: > > rlm_perl: perl_embed:: module = /etc/freeradius/groupcheck.pl , func = > post_auth exit status= Can't use string ("employee") as an ARRAY ref > while "strict refs" in use at /etc/freeradius/groupcheck.pl line 112.
This is really a Perl question. > But again, all three values are returned: > > ... > [ldap] looking for reply items in directory... > [ldap] personType -> Person-Type = "employee" > [ldap] personType -> Person-Type = "fulltime" Read raddb/ldap.attrmap. This is documented. > I did notice the following in the post-auth debug: ... > So, for Person-Type, only the one value, employee, is passed to the perl > module? Shouldn't there be another two lines of this for the other two > values? No. The default operator for the LDAP attribute mapping is '='. If you want '+=', edit ldap.attrmap. This has been in ldap.attrmap, *and* documented there since 2004. If you're editing the file to add "personType", the PLEASE READ THE FILE. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html