From: Nick Porter <nick@portercomputing.co.uk>
Date: Thu, 5 Jun 2025 08:20:43 +0000 (+0100)
Subject: Document %ldap.uri.attr_option
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=93e6537460f643ab64dab6369f4ce5a5d7334647;p=thirdparty%2Ffreeradius-server.git

Document %ldap.uri.attr_option
---

diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/ldap.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/ldap.adoc
index 27dc489ee71..e945d82f2f1 100644
--- a/doc/antora/modules/reference/pages/raddb/mods-available/ldap.adoc
+++ b/doc/antora/modules/reference/pages/raddb/mods-available/ldap.adoc
@@ -857,6 +857,30 @@ reply.Reply-Message := "The LDAP url is %ldap.uri.unescape(%{my-string})"
 "The LDAP url is ldap:///ou=profiles,dc=example,dc=com??sub?(objectClass=radiusprofile)"
 ```
 
+### %ldap.uri.attr_option(...)
+
+Add an option to all attribute referenced in an LDAP URI.
+
+This is for the corner case where a URI is provided by a third party system
+and needs amending before being used. e.g. a CRL distribution point extracted
+from a certificate may need the "binary" option appending to the attribute
+being requested.
+
+.Return: _string_
+
+.Example
+
+[source,unlang]
+---
+my-uri := "ldap:///cn=cdp1,ou=pki,dc=example,dc=com?certificateRevocationList?base?objectClass=cRLDistributionPoint"
+reply.Reply-Message := %ldap.uri.attr_option(my-uri, 'binary')
+
+.Output
+
+```
+"ldap:///cn=cdp1,ou=pki,dc=example,dc=com?certificateRevocationList;binary?base?objectClass=cRLDistributionPoint"
+```
+
 ### %ldap.group(...)
 
 Check whether the current user is a member of a the given group.  If the attribute
diff --git a/raddb/mods-available/ldap b/raddb/mods-available/ldap
index a1ba2c3b713..b4e82f3774b 100644
--- a/raddb/mods-available/ldap
+++ b/raddb/mods-available/ldap
@@ -1002,6 +1002,30 @@ ldap {
 #  "The LDAP url is ldap:///ou=profiles,dc=example,dc=com??sub?(objectClass=radiusprofile)"
 #  ```
 #
+#  ### %ldap.uri.attr_option(...)
+#
+#  Add an option to all attribute referenced in an LDAP URI.
+#
+#  This is for the corner case where a URI is provided by a third party system
+#  and needs amending before being used. e.g. a CRL distribution point extracted
+#  from a certificate may need the "binary" option appending to the attribute
+#  being requested.
+#
+#  .Return: _string_
+#
+#  .Example
+#
+#  [source,unlang]
+#  ---
+#  my-uri := "ldap:///cn=cdp1,ou=pki,dc=example,dc=com?certificateRevocationList?base?objectClass=cRLDistributionPoint"
+#  reply.Reply-Message := %ldap.uri.attr_option(my-uri, 'binary')
+#
+#  .Output
+#
+#  ```
+#  "ldap:///cn=cdp1,ou=pki,dc=example,dc=com?certificateRevocationList;binary?base?objectClass=cRLDistributionPoint"
+#  ```
+#
 #  ### %ldap.group(...)
 #
 #  Check whether the current user is a member of a the given group.  If the attribute