On 07/16/2013 12:03 PM, Alexander Hartmaier wrote: > AuthAttrDef mobile,GENERIC,request > AuthAttrDef mail,GENERIC,request > AuthAttrDef memberof,GENERIC,request > > This results in error messages in the log: > Tue Jul 16 08:49:46 2013: ERR: Bad attribute=value pair: n...@fqdn.org > Tue Jul 16 08:49:46 2013: ERR: Bad attribute=value pair: +4312345678
GENERIC expects the values fetched from LDAP to be in 'AttributeName=value' format. Maybe this would work better: AuthAttrDef mobile,mobile,request AuthAttrDef mail,mail,request AuthAttrDef memberof,memberof,request > Is this because mobile and mail are not in the dictionary? No. Dictionary is only required if the attribute and its value need to be packed in the network transfer format. That is, numbers instead of attribute names etc. > Why isn't the error also thrown for memberof? Most likely because the memberof LDAP attribute value is in CN=... format. When attribute is added in the request, CN is taken as the attribute name and the rest (...) as the value. Thanks, Heikki -- Heikki Vatiainen <h...@open.com.au> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator