
List:       freeradius-users
Subject:    Re: [EXT] Re: WPA-EAP configuration with LDAP backend calls ldap module twice
From:       Mark van Reijn via Freeradius-Users <freeradius-users () lists ! freeradius ! org>
Date:       2019-03-20 17:47:51
Message-ID: E9462BE8-6B3B-405B-BE34-50AB90924232 () idfocus ! nl

> On 20 Mar 2019, at 18:08, Brian Julin <BJulin@clarku.edu> wrote:
> 
> We had to do a few byzantine things to minimize LDAP calls on our setup.
> 
> See http://lists.freeradius.org/pipermail/freeradius-users/2016-January/081595.html
> 

Thank you! 

Combining your setup with Alan's earlier suggestions, I now have a working setup which only calls ldap once.

I have altered the call to ldap in the inner server as follows:

    if (! &outer.session-state:NIVO-LDAP-Trigger) {
        ldap
        update outer.session-state {
           User-Profile := "%{ldap:ldap:///ou=groups,o=vault?nivoRadiusProfileDN?one?(&(member=%{control:Ldap-UserDN})(nivoRadiusProfileDN=*))}"
           Tunnel-Type := &reply:Tunnel-Type
           Tunnel-Private-Group-ID := &reply:Tunnel-Private-Group-ID
           Tunnel-Medium-Type := &reply:Tunnel-Medium-Type
           NIVO-LDAP-Trigger := "ldapdone"
        }
    }

Thank you all for the help!
Cheers,

Mark

