From: Arran Cudbard-Bell
Date: Wed, 16 Jan 2013 17:04:01 +0000 (+0000)
Subject: Update LDAP default config
X-Git-Tag: release_3_0_0_beta1~1310
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=121f5b9706cda2d2727568d651f1b310f8e4e02b;p=thirdparty%2Ffreeradius-server.git

Update LDAP default config
---
diff --git a/raddb/mods-available/ldap b/raddb/mods-available/ldap
index a8b73f1b3f6..f40c530f042 100644
--- a/raddb/mods-available/ldap
+++ b/raddb/mods-available/ldap
@@ -45,26 +45,30 @@ ldap {
 #
 # Request and list qualifiers may also be placed after the section
 # name to set defaults for unqualified RADIUS attributes.
+ #
+ # Note: LDAP attribute names should be single quoted unless you want
+ # the name value to be derived from an xlat expansion, or an
+ # attribute ref.
+ #
 update reply {
-# control:NT-Password := ntPassword
-# Reply-Message := radiusReplyMessage
-# Tunnel-Type := radiusTunnelType
-# Tunnel-Medium-Type := radiusTunnelMediumType
-# Tunnel-Private-Group-ID := radiusTunnelPrivategroupId
+# control:NT-Password := 'ntPassword'
+# Reply-Message := 'radiusReplyMessage'
+# Tunnel-Type := 'radiusTunnelType'
+# Tunnel-Medium-Type := 'radiusTunnelMediumType'
+# Tunnel-Private-Group-ID := 'radiusTunnelPrivategroupId'
 }
- # Set to "no" to disable the "no \"known good\" password" warning,
+ # Set to "no" to disable the 'no "known good" password' warning,
 # if you're not using LDAP to retrieve password values.
 # expect_password = "yes"
 # Set to yes if you have eDirectory and want to use the universal
- # password mechanism. Add ldap in post-auth to perform account
- # policy checking
+ # password mechanism.
 # edir = "no"
 # Set to yes if you want to bind as the user after retrieving the
- # Cleartext-Password to consume the login grace, and verify user
- # authorization.
+ # Cleartext-Password. This will consume the login grace, and
+ # verify user authorization.
 # edir_autz = "no"
 #
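Review bot: The added note says when to single-quote an LDAP attribute name but not what an unquoted or double-quoted name resolves to, and the examples it replaces in `update reply` were unquoted, so maps copied from the old defaults may no longer mean a literal LDAP attribute. If, as the wording implies, a bare word is read as an attribute ref and a double-quoted string is xlat-expanded, I would add `# Unquoted names are treated as attribute refs and "double quoted" names are xlat-expanded; neither is a literal LDAP attribute name.` A name built from an xlat expansion or attribute ref comes from request data, so the note should also say to use only attributes the server sets itself. The same hunk drops "Add ldap in post-auth to perform account policy checking" from the `edir` comment; if eDirectory policy checks still depend on that step, the sentence should stay.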
@@ -131,9 +135,9 @@ ldap {
 # Note: '=' is *not* supported.
 # : The value to add modify or delete.
 #
- # WARNING: If using the ':=' operator with a multivalued attribute
- # all instances of the attribute will be removed and replaced with
- # a single attribute.
+ # WARNING: If using the ':=' operator with a multivalued LDAP
+ # attribute, all instances of the attribute will be removed and
+ # replaced with a single attribute.
 #
 accounting {
 reference = "%{tolower:type.%{Acct-Status-Type}}"
diff --git a/src/modules/rlm_cache/rlm_cache.c b/src/modules/rlm_cache/rlm_cache.c
index 4b7b0cbf512..e049b0841f8 100644
--- a/src/modules/rlm_cache/rlm_cache.c
+++ b/src/modules/rlm_cache/rlm_cache.c
@@ -419,7 +419,7 @@ static rlm_cache_entry_t *cache_add(rlm_cache_t *inst, REQUEST *request,
 if (!found) continue;
 for (vp = found; vp != NULL; vp = vp->next) {
- RDEBUG("\t%s%s %s %s%s", map->dst->name,
+ RDEBUG("\t%s:%s %s %s:%s", map->dst->name,
 vp->name,
 fr_int2str(fr_tokens, map->op, "¿unknown?"),
 map->src->name,
@@ -532,7 +532,6 @@ static int cache_verify(rlm_cache_t *inst, value_pair_map_t **head)
 }
 for (map = *head; map != NULL; map = map->next) {
-
 if ((map->dst->type != VPT_TYPE_ATTR) && (map->dst->type != VPT_TYPE_LIST)) {
 cf_log_err(map->ci, "Left operand must be an attribute "
diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c
index 99953d3e3a0..7631a5c5eda 100644
--- a/src/modules/rlm_ldap/rlm_ldap.c
+++ b/src/modules/rlm_ldap/rlm_ldap.c
@@ -1386,7 +1386,7 @@ static int ldap_map_verify(ldap_instance *inst, value_pair_map_t **head)
 }
 /*
 * Attrmap only performs some basic validation checks, we need
- * to do rlm_cache specific checks here.
+ * to do rlm_ldap specific checks here.
 */
 for (map = *head; map != NULL; map = map->next) {
 if (map->dst->type != VPT_TYPE_ATTR) {