Re: rlm_ldap in v0.9.1 and multi-value attributes
Hi Kostas, thanks a lot for your help, your are really doing a great job. thanks again. > > Message: 6 > Date: Tue, 7 Oct 2003 00:44:26 +0300 (EEST) > From: Kostas Kalevras <[EMAIL PROTECTED]> > To: freeradius <[EMAIL PROTECTED]> > Subject: Re: rlm_ldap in v0.9.1 and multi-value attributes > Reply-To: [EMAIL PROTECTED] > > On Mon, 6 Oct 2003, Najeh Ben Nasrallah wrote: > > > > > > > Hi all, > > it seems there's a bug within the rlm_ldap module in version 0.9.1. > > freeradius fails to insert a multivalue attribue (like cisco-avpair )in > > the Access-Accept. > > > > Note that there another freeradius server v0.8.1 running without > > problem with the same ldap directory as backend. > > Well, rlm_ldap in 0.8.1 had pairadd() while rlm_ldap in 0.9.X uses > pairxlatmove() which honors operators. > You should use the += operator to add a multivalue attribute like: > radiusVSA: vpdn:nas-password=** > radiusVSA: += vpdn:gw-password=* > > > Here's a log exemple : > > > > > > rlm_ldap: looking for reply items in directory... > > ... > > rlm_ldap: Adding radiusVSA as Cisco-AVPair, value > > vpdn:nas-password=* & op=11 > > rlm_ldap: Adding radiusVSA as Cisco-AVPair, value vpdn:gw-password=* > > & op=11 > > > > > > Sending Access-Accept of id 118 to 127.0.0.1:43810 > > Service-Type = Outbound-User > > Tunnel-Server-Auth-Id:1 = "***" > > Tunnel-Client-Auth-Id:1 = "***" > > Tunnel-Server-Endpoint:1 = "A.B.C.D" > > Tunnel-Medium-Type:1 = IP > > Tunnel-Type:1 = L2F > > Cisco-AVPair = "vpdn:nas-password=**" > > <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< missing the other > > cisco-avpair. > > > > Finished request 20 > > > > > > Is it really a bug, or i'm missing someting else. > > > > > > > > - > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > > -- > Kostas Kalevras Network Operations Center > [EMAIL PROTECTED] National Technical University of Athens, Greece > Work Phone: +30 210 7721861 > 'Go back to the shadow' Gandalf > > > --__--__-- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_ldap in v0.9.1 and multi-value attributes
On Mon, 6 Oct 2003, Najeh Ben Nasrallah wrote: > > > Hi all, > it seems there's a bug within the rlm_ldap module in version 0.9.1. > freeradius fails to insert a multivalue attribue (like cisco-avpair )in > the Access-Accept. > > Note that there another freeradius server v0.8.1 running without > problem with the same ldap directory as backend. Well, rlm_ldap in 0.8.1 had pairadd() while rlm_ldap in 0.9.X uses pairxlatmove() which honors operators. You should use the += operator to add a multivalue attribute like: radiusVSA: vpdn:nas-password=** radiusVSA: += vpdn:gw-password=* > Here's a log exemple : > > > rlm_ldap: looking for reply items in directory... > ... > rlm_ldap: Adding radiusVSA as Cisco-AVPair, value > vpdn:nas-password=* & op=11 > rlm_ldap: Adding radiusVSA as Cisco-AVPair, value vpdn:gw-password=* > & op=11 > > > Sending Access-Accept of id 118 to 127.0.0.1:43810 > Service-Type = Outbound-User > Tunnel-Server-Auth-Id:1 = "***" > Tunnel-Client-Auth-Id:1 = "***" > Tunnel-Server-Endpoint:1 = "A.B.C.D" > Tunnel-Medium-Type:1 = IP > Tunnel-Type:1 = L2F > Cisco-AVPair = "vpdn:nas-password=**" > missing the other > cisco-avpair. > > Finished request 20 > > > Is it really a bug, or i'm missing someting else. > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_ldap in v0.9.1 and multi-value attributes
Hi all, it seems there's a bug within the rlm_ldap module in version 0.9.1. freeradius fails to insert a multivalue attribue (like cisco-avpair )in the Access-Accept. Note that there another freeradius server v0.8.1 running without problem with the same ldap directory as backend. Here's a log exemple : rlm_ldap: looking for reply items in directory... ... rlm_ldap: Adding radiusVSA as Cisco-AVPair, value vpdn:nas-password=* & op=11 rlm_ldap: Adding radiusVSA as Cisco-AVPair, value vpdn:gw-password=* & op=11 Sending Access-Accept of id 118 to 127.0.0.1:43810 Service-Type = Outbound-User Tunnel-Server-Auth-Id:1 = "***" Tunnel-Client-Auth-Id:1 = "***" Tunnel-Server-Endpoint:1 = "A.B.C.D" Tunnel-Medium-Type:1 = IP Tunnel-Type:1 = L2F Cisco-AVPair = "vpdn:nas-password=**" missing the other cisco-avpair. Finished request 20 Is it really a bug, or i'm missing someting else. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html