[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: [EXT] Re: WPA-EAP configuration with LDAP backend calls ldap module twice
From: Mark van Reijn via Freeradius-Users <freeradius-users () lists ! freeradius ! org>
Date: 2019-03-20 17:47:51
Message-ID: E9462BE8-6B3B-405B-BE34-50AB90924232 () idfocus ! nl
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
> On 20 Mar 2019, at 18:08, Brian Julin <BJulin@clarku.edu> wrote:
>
> We had to do a few byzantine things to minimize LDAP calls on our setup.
>
> See http://lists.freeradius.org/pipermail/freeradius-users/2016-January/081595.html
>
Thank you!
Combining your setup with Alan's earlier suggestions and I now have a working setup \
which only calls ldap once.
I have altered the call to ldap in the inner server as follows:
if (! &outer.session-state:NIVO-LDAP-Trigger) {
ldap
update outer.session-state {
User-Profile := \
"%{ldap:ldap:///ou=groups,o=vault?nivoRadiusProfileDN?one?(&(member=%{control:Ldap-UserDN})(nivoRadiusProfileDN=*))}"
Tunnel-Type := &reply:Tunnel-Type
Tunnel-Private-Group-ID := &reply:Tunnel-Private-Group-ID
Tunnel-Medium-Type := &reply:Tunnel-Medium-Type
NIVO-LDAP-Trigger := "ldapdone"
}
}
Thank you all for the help!
Cheers,
Mark
["smime.p7s" (smime.p7s)]
0 *H
010
`He 0 *H
d0v0^ r<&/Rۍ0
*H
010 UGB10UGreater Manchester10USalford10U
COMODO CA Limited1=0;U4COMODO RSA Client Authentication and Secure Email CA0
180411000000Z
190411235959Z010 UNL10UDelft10
U2611WE10U Schuttersveld 610U
IDFocus B.V.10UMark I. van Reijn1!0 *H
mvreijn@idfocus.nl0"0
*H
0
эo oFo_QS
:WV7:N⩡kɡCVOCb-Щg\~
߰}<n@C! Bme`]
íɐzAĴSkg9O)Gm.͉*x.j?x%lHvL]t<xlۍ?J锻EQȚ#+r{
\uhEՓvW-\Pǩl`!
jIk1ݱ 00U#0la|=+qH^ċ0Uh:#6,i߁UMWs0U \
0U0 0U%0++0FU \
?0=0;+10+0)+https://secure.comodo.net/CPS0ZUS0Q0O M \
KIhttp://crl.comodoca.com/COMODORSAClientAuthenticationandSecureEmailCA.crl0+ \
0}0U+0Ihttp://crt.comodoca.com/COMODORSAClientAuthenticationandSecureEmailCA.crt0$+0http://ocsp.comodoca.com0
*H
2;D
> G1^L
F7|" 1!6m}>`YPaf袋xJW_Q\ xvxL?;8N#y<n,*}҉} \
Ym@LtCpU :Q7Ƨ (.?R]zv`#Q= \
HD4iEیg]sV۶AyjnR*!V:.U=4p+Avq"+Bڰ<~7,00 \
j8;+kٸRV0 *H
010 UGB10UGreater Manchester10USalford10U
COMODO CA Limited1+0)U"COMODO RSA Certification Authority0
130110000000Z
280109235959Z010 UGB10UGreater Manchester10USalford10U
COMODO CA Limited1=0;U4COMODO RSA Client Authentication and Secure Email \
CA0"0 *H
0
W(vu@8v!P%yL }:X>1.4vلj=4HK \
hyt4z|e`'"2@rF5 P3*UT+%4D5+ ZSu+ =7F_Zt e
>)
94Fro8pNhFF#Ne6/M{UWֱmA \
YT"o)CI m84$.zW4 r^M9,R$ \
<080U#0~=<8220Ula|=+qH^ċ0U0U0 0U \
00U 0LUE0C0A ? \
=;http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q+e0c0;+ \
0/http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$+0http://ocsp.comodoca.com0
*H
x\(4O<_VΟV쏢kI/5@qB!fk&kn{hJd| \
q[Lǿᓬ?"@fCOݐrXurJH5;#68jle) )Y4 \
Nezyq{: kx%iچ:w#f6HLP~jo9KXnM#:!!69i\ \
}^M;TSX7 ̯3]Tc6O$voX*5!4.aKE8HIĹ7?Ar}r# \
R/h<סnuy<1 3mɔv#~&pvg' skMH#/ƨ$/uXq \
Tu(|^-vM҆NKX7fA\X5sh2qP\YǟENRarpGtZp_"k7DdJVGz100010 UGB10UGreater \
Manchester10USalford10U COMODO CA Limited1=0;U4COMODO RSA Client \
Authentication and Secure Email CAr<&/Rۍ0 `He 0 *H
1 *H
0 *H
1
190320174751Z0/ *H
1" 4-T ~Ȃt?<%50 +710010 UGB10UGreater \
Manchester10USalford10U COMODO CA Limited1=0;U4COMODO RSA Client \
Authentication and Secure Email CAr<&/Rۍ0*H 1 \
010 UGB10UGreater Manchester10USalford10U COMODO CA \
Limited1=0;U4COMODO RSA Client Authentication and Secure Email \
CAr<&/Rۍ0 *H
:09#~`K0Zteyo0q, 了.Jt<XJRڔhABۚ"zYD@VX&2y
g'#?H@Z;V+Ş~~Q]<a"kS W<C ipd l \
8K#>vթVIqF^r-}X$<ByX@?ȼdH, yJc \
-<4z"K
[Attachment #6 (text/plain)]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic