Use boolean enum in ldap group membership xlat
authorNick Porter <nick@portercomputing.co.uk>
Wed, 23 Aug 2023 18:28:57 +0000 (19:28 +0100)
committerNick Porter <nick@portercomputing.co.uk>
Thu, 24 Aug 2023 09:20:36 +0000 (10:20 +0100)
To be consistent with SQL group membership xlat

doc/antora/modules/howto/pages/modules/ldap/authorization/groups.adoc
doc/antora/modules/howto/pages/modules/ldap/base_configuration/index.adoc
src/modules/rlm_ldap/rlm_ldap.c
src/tests/modules/ldap/groups_rfc2307bis.unlang

index 8b3e2e36c200981a447dbf564af92d0484f40c5f..d0126881705db5dc4931da37a8167bc92e651bf6 100644 (file)
@@ -143,7 +143,7 @@ appropriately.
 
 [source,unlang]
 ----
-if (%(ldap.memberof:cn=foo,ou=groups,dc=example,dc=com) == 'yes') {
+if (%(ldap.memberof:cn=foo,ou=groups,dc=example,dc=com) == true) {
        update reply {
                &Reply-Message := "Welcome member of group 'foo'"
        }
@@ -154,7 +154,7 @@ if (%(ldap.memberof:cn=foo,ou=groups,dc=example,dc=com) == 'yes') {
 
 [source,unlang]
 ----
-if (%(ldap.memberof:foo) == 'yes') {
+if (%(ldap.memberof:foo) == true) {
        update reply {
                &Reply-Message := "Welcome member of group 'foo'"
        }
index a090140a42cc9223fed24edfecf82f8138456672..5baaa06ae868f4c072972cb68c09be091267fe12 100644 (file)
@@ -118,7 +118,7 @@ server default {
        ...
        recv Access-Request {
                ldap
-               if (%(ldap.memberof:cn=authorized_users,ou=groups,dc=example,dc=com) == 'yes') {
+               if (%(ldap.memberof:cn=authorized_users,ou=groups,dc=example,dc=com) == true) {
                        reject
                }
                ...
index b513466b4dfcc047a56c87e5e0187276b154dbb1..21c11c9b10cfd0de6c42e564d37dca4603b06895 100644 (file)
@@ -260,6 +260,7 @@ fr_dict_attr_t const *attr_password_with_header;
 
 fr_dict_attr_t const *attr_user_password;
 fr_dict_attr_t const *attr_user_name;
+static fr_dict_attr_t const *attr_expr_bool_enum;
 
 extern fr_dict_attr_autoload_t rlm_ldap_dict_attr[];
 fr_dict_attr_autoload_t rlm_ldap_dict_attr[] = {
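Review bot: The new `attr_expr_bool_enum` declaration has no comment explaining that it plays a different role from `attr_user_password` and `attr_user_name` beside it. Judging by the later hunk in this file, it is only passed as the enum when boxing the memberof result, not used as an attribute the module reads from the request. A one-line comment such as `/* enum used when boxing boolean xlat results */` would make that clear. The autoload entry in the next hunk uses `.dict = &dict_freeradius` where the visible neighbours use `&dict_radius`. Whether that dictionary is in the module's dictionary autoload table is not visible in this diff and is worth confirming.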
@@ -272,6 +273,7 @@ fr_dict_attr_autoload_t rlm_ldap_dict_attr[] = {
 
        { .out = &attr_user_password, .name = "User-Password", .type = FR_TYPE_STRING, .dict = &dict_radius },
        { .out = &attr_user_name, .name = "User-Name", .type = FR_TYPE_STRING, .dict = &dict_radius },
+       { .out = &attr_expr_bool_enum, .name = "Expr-Bool-Enum", .type = FR_TYPE_BOOL, .dict = &dict_freeradius },
 
        { NULL }
 };
@@ -769,7 +771,7 @@ static xlat_action_t ldap_memberof_xlat_resume(TALLOC_CTX *ctx, fr_dcursor_t *ou
        ldap_memberof_xlat_ctx_t        *xlat_ctx = talloc_get_type_abort(xctx->rctx, ldap_memberof_xlat_ctx_t);
        fr_value_box_t                  *vb;
 
-       MEM(vb = fr_value_box_alloc(ctx, FR_TYPE_BOOL, NULL));
+       MEM(vb = fr_value_box_alloc(ctx, FR_TYPE_BOOL, attr_expr_bool_enum));
        vb->vb_bool = xlat_ctx->found;
        fr_dcursor_append(out, vb);
 
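Review bot: Passing `attr_expr_bool_enum` as the enum on the `fr_value_box_alloc` line changes how the membership result is presented to policy, and the docs and tests in this commit move from `'yes'`/`'no'` to `true`/`false` to match. Because this xlat typically gates authorization, deployed policies that still compare against `'yes'` or `'no'` need checking. A condition such as `== 'no'` guarding a `reject` would fail open if it silently stopped matching, and whether the old strings still parse against the enum is not visible here. I would add a comment on that line, `/* enumv: result compares as true/false, same as the SQL group xlat */`, and call the change out in the upgrade notes. The body of `ldap_memberof_xlat_resume` starts and ends outside this hunk.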
index 7a11c218d6184524df68b0d41038ae46c70fb413..8e743d3c8827f1e48dfaf50228909d3ac3bf892c 100644 (file)
@@ -6,22 +6,22 @@
 #
 #  Resolve using group name attribute
 #
-if (!(%(ldap.memberof:foo) == 'yes')) {
+if !(%(ldap.memberof:foo) == true) {
         test_fail
 }
 
-if (!(%(ldap.memberof:baz) == 'no')) {
+if !(%(ldap.memberof:baz) == false) {
         test_fail
 }
 
 #
 #  Resolve using group DN
 #
-if (!(%(ldap.memberof:cn=foo,ou=groups,dc=example,dc=com) == 'yes')) {
+if !(%(ldap.memberof:cn=foo,ou=groups,dc=example,dc=com) == true) {
         test_fail
 }
 
-if (!(%(ldap.memberof:cn=baz,ou=groups,dc=example,dc=com) == 'no')) {
+if !(%(ldap.memberof:cn=baz,ou=groups,dc=example,dc=com) == false) {
         test_fail
 }