How to pass information between modules?

2006-12-08 Thread Martin Gadbois

Hi!

Let's say I have the following authorize {} section:
authorize {
   ldap
   sql
}

What would be the best way to pass information between ldap and sql?

For example, if I were to extract a group name from ldap and pass it
to sql to get all the RADIUS attributes associated to this group, what
would be the strategy to achieve that?

In other words, how to configure those modules if the ldap contains
the group info, but sql the actual RADIUS attribute per group?

Thanks!

--
Martin Gadbois
S/W Developer
Colubris Networks Inc.
Windows might take you from 0 to 60 faster, but to go to 100 you need Unix.
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: How to pass information between modules?

2006-12-08 Thread Alan DeKok
Martin Gadbois wrote:

> What would be the best way to pass information between ldap and sql?

  In the same way that all of the other modules do it: Put the
information into attributes.  That's what the config item list is for.

> For example, if I were to extract a group name from ldap and pass it
> to sql to get all the RADIUS attributes associated to this group, what
> would be the strategy to achieve that?

  Put it into an attribute in the config items.

> In other words, how to configure those modules if the ldap contains
> the group info, but sql the actual RADIUS attribute per group?

  You can use the LDAP-Group attribute, see the rlm_ldap documentation.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: How to pass information between modules?

2006-12-08 Thread Martin Gadbois

Alan DeKok wrote:
>> What would be the best way to pass information between ldap and sql?
>
>   In the same way that all of the other modules do it: Put the
> information into attributes.  That's what the config item list is for.

My subconscious FreeRADIUS mind was saying that as well; but how to use
config items and what makes them different from RADIUS Reply attributes?

A theoretical example:

modules {
    file users {
        ...
    }
    file groups {
        ...
    }
}

authorize {
    users
    groups
}

file users:
martin User-Password == gadbois
   Group = staff

file groups:
DEFAULT  Group == staff
    Reply-Message = Hello Staff!

I expect this to set martin into the staff group, and a RADIUS
request returns Reply-Message Hello Staff!!

This does not work:
[/etc/raddb/users]:223 WARNING! Check item Group found in reply item
list for user martin. This attribute MUST go on the first line with
the other check items

Some explanation, a C function or a URL would greatly help!

 
>> In other words, how to configure those modules if the ldap contains
>> the group info, but sql the actual RADIUS attribute per group?
>
>   You can use the LDAP-Group attribute, see the rlm_ldap documentation.

I got it now; LDAP-Group is like a callback into the ldap module,
where the LDAP group is going to be checked to the value.

I'll go update the FR LDAP Wiki.. ;-)

Thanks Alan for the quick reply.

--
Martin Gadbois
S/W Developer
Colubris Networks Inc.
Windows might take you from 0 to 60 faster, but to go to 100 you need Unix.
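
Added example, not part of the original thread and not FreeRADIUS code: a small Python linter for the users-file layout behind the warning quoted above, where the first line of an entry carries the check items and the indented lines carry the reply items. The CHECK_ONLY set, the function names and the second sample entry (user "alice") are assumptions made for illustration; the server applies its own rules.

```python
import re

# Assumption for this sketch: attribute names treated as check-only.
# Only names mentioned in the thread are listed; the server has its own rules.
CHECK_ONLY = {"Group", "LDAP-Group", "User-Password"}
OP_RE = re.compile(r"\s*(==|:=|\+=|!=|=)\s*")

def parse_items(text):
    """Split 'Attr op value, ...' into (attr, op, value); no commas inside values."""
    items = []
    for part in filter(None, (p.strip() for p in text.split(","))):
        fields = OP_RE.split(part, maxsplit=1)
        if len(fields) != 3:
            raise ValueError(f"no operator in item: {part!r}")
        items.append((fields[0], fields[1], fields[2].strip('"')))
    return items

def parse_users(text):
    """Entry = first line (user name + check items) + indented reply-item lines."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():
            if not entries:
                raise ValueError(f"line {lineno}: reply items before any entry")
            entries[-1]["reply"] += [(lineno, *i) for i in parse_items(line)]
        else:
            name, *rest = line.split(None, 1)
            entries.append({"user": name, "reply": [],
                            "check": parse_items(rest[0] if rest else "")})
    return entries

def lint(text):
    """Return (line, user, attribute) for check-only names found in reply items."""
    return [(n, e["user"], attr) for e in parse_users(text)
            for n, attr, _op, _val in e["reply"] if attr in CHECK_ONLY]

# Constructed sample: first entry as posted in the thread, second is hypothetical.
SAMPLE = """\
martin User-Password == gadbois
   Group = staff

alice User-Password == example, Group == staff
   Reply-Message = Hello Staff!
"""

if __name__ == "__main__":
    print(lint(SAMPLE))
```

Only the "martin" entry is reported, because Group sits on an indented reply line there; in the "alice" entry it is on the first line with the other check items.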