How to pass information between modules?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi! Let's say I have the following authorize {} section: authorize { ldap sql } What would be the best way to pass information between ldap and sql? For example, if I were to extract a group name from ldap and pass it to sql to get all the RADIUS attributes associated to this group, what would be the strategy to acheive that? In other words, how to configure those modules if the ldap contains the group info, but sql the actual RADIUS attribute per group? Thanks! - -- == +--+ Martin Gadbois | Windows might take you from 0 to 60 faster, | S/W Developer | but to go to 100 you need Unix.| Colubris Networks Inc. +--+ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFebbM9Y3/iTTCEDkRAlbtAJ9xef4aCw0IGd5SIJXXn7UxLtUwEACZAf/e hPg7eJ53Xt+PgxSYPpFecPM= =K9c0 -END PGP SIGNATURE- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to pass information between modules?
Martin Gadbois wrote: What would be the best way to pass information between ldap and sql? In the same way that all of the other modules do it: Put the information into attributes. That's what the config item list is for. For example, if I were to extract a group name from ldap and pass it to sql to get all the RADIUS attributes associated to this group, what would be the strategy to acheive that? Put it into an attribute in the config items. In other words, how to configure those modules if the ldap contains the group info, but sql the actual RADIUS attribute per group? You can use the LDAP-Group attribute, see the rlm_ldap documentation. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to pass information between modules?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alan DeKok wrote: What would be the best way to pass information between ldap and sql? In the same way that all of the other modules do it: Put the information into attributes. That's what the config item list is for. My subconscious FreeRADIUS mind was saying that as well; but how to use config items and what makes them different from RADIUS Reply attributes? An theoritical example: modules { file users { ... } file groups { ... } } authorized { users groups } file users: martin User-Password == gadbois Group = staff file groups: DEFAULT Group == staff Reply-Message = Hello Staff! I expect this to set martin into the staff group, and a RADIUS request returns Reply-Message Hello Staff!! This does not work: [/etc/raddb/users]:223 WARNING! Check item Group ?found in reply item list for user martin. ?This attribute MUST go on the first line with the other check items Some explaination, a C function or a URL would greatly help! In other words, how to configure those modules if the ldap contains the group info, but sql the actual RADIUS attribute per group? You can use the LDAP-Group attribute, see the rlm_ldap documentation. I got it now; LDAP-Group is like a callback into the ldap module, where the LDAP group is going to be checked to the value. I'll go update the FR LDAP Wiki.. ;-) Thanks Alan for the quick reply. - -- == +--+ Martin Gadbois | Windows might take you from 0 to 60 faster, | S/W Developer | but to go to 100 you need Unix.| Colubris Networks Inc. +--+ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFec349Y3/iTTCEDkRAsgfAJ45vsoHrRKwsPkITrUBuPsFgbGBXACgm1yU gjlFYOPYrcMsN80odSYfAWA= =6TFA -END PGP SIGNATURE- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html