From: Nick Porter
Date: Wed, 23 Aug 2023 18:28:57 +0000 (+0100)
Subject: Use boolean enum in ldap group membership xlat
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cad30442e82cd96a51b42015273f88400faf18b4;p=thirdparty%2Ffreeradius-server.git
Use boolean enum in ldap group membership xlat
To be consistent with SQL group membership xlat
---
diff --git a/doc/antora/modules/howto/pages/modules/ldap/authorization/groups.adoc b/doc/antora/modules/howto/pages/modules/ldap/authorization/groups.adoc
index 8b3e2e36c20..d0126881705 100644
--- a/doc/antora/modules/howto/pages/modules/ldap/authorization/groups.adoc
+++ b/doc/antora/modules/howto/pages/modules/ldap/authorization/groups.adoc
@@ -143,7 +143,7 @@ appropriately. [source,unlang] ----
-if (%(ldap.memberof:cn=foo,ou=groups,dc=example,dc=com) == 'yes') {
+if (%(ldap.memberof:cn=foo,ou=groups,dc=example,dc=com) == true) {
update reply { &Reply-Message := "Welcome member of group 'foo'" }
@@ -154,7 +154,7 @@ if (%(ldap.memberof:cn=foo,ou=groups,dc=example,dc=com) == 'yes') { [source,unlang] ----
-if (%(ldap.memberof:foo) == 'yes') {
+if (%(ldap.memberof:foo) == true) {
update reply { &Reply-Message := "Welcome member of group 'foo'" }
diff --git a/doc/antora/modules/howto/pages/modules/ldap/base_configuration/index.adoc b/doc/antora/modules/howto/pages/modules/ldap/base_configuration/index.adoc
index a090140a42c..5baaa06ae86 100644
--- a/doc/antora/modules/howto/pages/modules/ldap/base_configuration/index.adoc
+++ b/doc/antora/modules/howto/pages/modules/ldap/base_configuration/index.adoc
@@ -118,7 +118,7 @@ server default { ... recv Access-Request { ldap
- if (%(ldap.memberof:cn=authorized_users,ou=groups,dc=example,dc=com) == 'yes') {
+ if (%(ldap.memberof:cn=authorized_users,ou=groups,dc=example,dc=com) == true) {
reject } ...
diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c
index b513466b4df..21c11c9b10c 100644
--- a/src/modules/rlm_ldap/rlm_ldap.c
+++ b/src/modules/rlm_ldap/rlm_ldap.c
@@ -260,6 +260,7 @@ fr_dict_attr_t const *attr_password_with_header; fr_dict_attr_t const *attr_user_password; fr_dict_attr_t const *attr_user_name;
+static fr_dict_attr_t const *attr_expr_bool_enum;
extern fr_dict_attr_autoload_t rlm_ldap_dict_attr[]; fr_dict_attr_autoload_t rlm_ldap_dict_attr[] = {
@@ -272,6 +273,7 @@ fr_dict_attr_autoload_t rlm_ldap_dict_attr[] = { { .out = &attr_user_password, .name = "User-Password", .type = FR_TYPE_STRING, .dict = &dict_radius }, { .out = &attr_user_name, .name = "User-Name", .type = FR_TYPE_STRING, .dict = &dict_radius },
+ { .out = &attr_expr_bool_enum, .name = "Expr-Bool-Enum", .type = FR_TYPE_BOOL, .dict = &dict_freeradius },
{ NULL } };
@@ -769,7 +771,7 @@ static xlat_action_t ldap_memberof_xlat_resume(TALLOC_CTX *ctx, fr_dcursor_t *ou ldap_memberof_xlat_ctx_t *xlat_ctx = talloc_get_type_abort(xctx->rctx, ldap_memberof_xlat_ctx_t); fr_value_box_t *vb;
- MEM(vb = fr_value_box_alloc(ctx, FR_TYPE_BOOL, NULL));
+ MEM(vb = fr_value_box_alloc(ctx, FR_TYPE_BOOL, attr_expr_bool_enum));
vb->vb_bool = xlat_ctx->found; fr_dcursor_append(out, vb);
diff --git a/src/tests/modules/ldap/groups_rfc2307bis.unlang b/src/tests/modules/ldap/groups_rfc2307bis.unlang
index 7a11c218d61..8e743d3c882 100644
--- a/src/tests/modules/ldap/groups_rfc2307bis.unlang
+++ b/src/tests/modules/ldap/groups_rfc2307bis.unlang
@@ -6,22 +6,22 @@ # # Resolve using group name attribute #
-if (!(%(ldap.memberof:foo) == 'yes')) {
+if !(%(ldap.memberof:foo) == true) {
test_fail }
-if (!(%(ldap.memberof:baz) == 'no')) {
+if !(%(ldap.memberof:baz) == false) {
test_fail } # # Resolve using group DN #
-if (!(%(ldap.memberof:cn=foo,ou=groups,dc=example,dc=com) == 'yes')) {
+if !(%(ldap.memberof:cn=foo,ou=groups,dc=example,dc=com) == true) {
test_fail }
-if (!(%(ldap.memberof:cn=baz,ou=groups,dc=example,dc=com) == 'no')) {
+if !(%(ldap.memberof:cn=baz,ou=groups,dc=example,dc=com) == false) {
test_fail }
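Review bot: The switch to `fr_value_box_alloc(ctx, FR_TYPE_BOOL, attr_expr_bool_enum)` in `ldap_memberof_xlat_resume` changes what an authorization-gating xlat returns, and nothing at the call site says how policies that still compare against `'yes'`/`'no'` will evaluate. The docs and tests in this commit all move to `== true` / `== false`, which suggests the string form is no longer the intended one. If a deployed `== 'no'` or `!(... == 'yes')` condition evaluates differently after this change, a group check could start admitting or rejecting every user without raising an error. I would add a comment above the allocation, for example `/* bool tagged with Expr-Bool-Enum, as in the SQL group xlat; policies compare against true/false */`, and keep one case in groups_rfc2307bis.unlang that pins the result of the legacy string comparison. The function body starts and ends outside the hunk.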