(RADIATOR) LDAP2 and PostSearchHook
Dirk Tilger
dirk at linux2.intershop.de
Fri Aug 10 10:04:37 CDT 2001
Hi,
I have a question regarding PostSearchHook in AuthLDAP2. I'm using
Radiator-2.18.2 on a Linux machine. I have a realm INTERSHOPLAB...
---8<---
<Realm INTERSHOPLAB>
RewriteUsername s/^(.*)\@(.*)/$1/
<AuthBy LDAP2>
Host 10.0.87.32
AuthDN CN=AdminDirk,CN=Users,DC=intershop,DC=lab
AuthPassword secret
BaseDN DC=intershop,DC=lab
UsernameAttr sAMAccountName
ServerChecksPassword
AuthAttrDef msNPAllowDialin,GENERIC,request
PostSearchHook sub { \
my $dialperm = $_[4]->get ('msNPAllowDialin'); \
$_[0]->log($main::LOG_DEBUG, "\$dialperm is $dialperm"); \
if (!$dialperm) \
{ \
$_[0]->log($main::LOG_INFO, "No dialin permission"); \
} \
}
Debug 255
</AuthBy>
</Realm>
---8<---
My log file shows me...
---8<---
Fri Aug 10 16:40:23 2001: DEBUG: Rewrote user name to DTilger at INTERSHOPLAB
Fri Aug 10 16:40:23 2001: DEBUG: Handling request with Handler 'Realm=INTERSHOPLAB'
Fri Aug 10 16:40:23 2001: DEBUG: Rewrote user name to DTilger
Fri Aug 10 16:40:23 2001: DEBUG: Deleting session for INTERSHOPLAB\DTilger, 203.63.154.1, 1234
Fri Aug 10 16:40:23 2001: DEBUG: Handling with Radius::AuthLDAP2
Fri Aug 10 16:40:23 2001: DEBUG: Connecting to 10.0.87.32, port 389
Fri Aug 10 16:40:23 2001: DEBUG: Attempting to bind with CN=AdminDirk,CN=Users,DC=intershop,DC=lab, secret
Fri Aug 10 16:40:23 2001: DEBUG: LDAP got result for CN=Dirk Tilger,CN=Users,DC=intershop,DC=lab
Fri Aug 10 16:40:23 2001: DEBUG: LDAP got msNPAllowDialin: FALSE
Fri Aug 10 16:40:23 2001: ERR: Bad attribute=value pair: FALSE
Fri Aug 10 16:40:23 2001: DEBUG: $dialperm is ARRAY(0x8370c4c)
Fri Aug 10 16:40:23 2001: INFO: No dialin permission
Fri Aug 10 16:40:23 2001: DEBUG: Radius::AuthLDAP2 looks for match with DTilger
Fri Aug 10 16:40:23 2001: DEBUG: Radius::AuthLDAP2 ACCEPT:
Fri Aug 10 16:40:23 2001: DEBUG: Access accepted for DTilger
Fri Aug 10 16:40:23 2001: DEBUG: Packet dump:
---8<---
The LDAP module says (the admin bind was successful and is therefore cut
off)...
---8<---
Net::LDAP=HASH(0x865af6c) sending:
0000 30 87: SEQUENCE {
0002 02 1: INTEGER = 2
0005 63 82: [APPLICATION 3] {
0007 04 19: STRING = 'DC=intershop,DC=lab'
001C 0A 1: ENUM = 2
001F 0A 1: ENUM = 2
0022 02 1: INTEGER = 0
0025 02 1: INTEGER = 0
0028 01 1: BOOLEAN = FALSE
002B A3 25: [CONTEXT 3] {
002D 04 14: STRING = 'sAMAccountName'
003D 04 7: STRING = 'DTilger'
0046 : }
0046 30 17: SEQUENCE {
0048 04 15: STRING = 'msNPAllowDialin'
0059 : }
0059 : }
0059 : }
Net::LDAP=HASH(0x865af6c) received:
0000 30 96: SEQUENCE {
0006 02 1: INTEGER = 2
0009 64 87: [APPLICATION 4] {
000F 04 43: STRING = 'CN=Dirk Tilger,CN=Users,DC=intershop,DC=lab'
003C 30 36: SEQUENCE {
0042 30 30: SEQUENCE {
0048 04 15: STRING = 'msNPAllowDialin'
0059 31 7: SET {
005F 04 5: STRING = 'FALSE'
0066 : }
0066 : }
0066 : }
0066 : }
0066 : }
---8<---
I was now wondering why it doesn't work, because in the documentation
you had a similar sample. Also the two lines...
> Fri Aug 10 16:40:23 2001: ERR: Bad attribute=value pair: FALSE
> Fri Aug 10 16:40:23 2001: DEBUG: $dialperm is ARRAY(0x8370c4c)
...look a little bit strange to me. I tried some other configurations
and it was almost impossible to check a boolean value.
Did I do something wrong?
By the way: How can I reject a request from the hook? The only way
that works at the moment is to modify the password, but doing so
the user gets a confusing message. In all other cases it seems to
me that the ServerChecksPassword is passed regardless of what my hook
does.
Dirk.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
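The "$dialperm is ARRAY(0x8370c4c)" line in the post is the key to the first question: in Net::LDAP::Entry, get() returns an array reference in scalar context, and a reference is always true, so the if (!$dialperm) test can never fire and the attribute value is never actually inspected. The following is an added example, not code from the original post or from Radiator; it uses a constructed Net::LDAP::Entry standing in for the entry Radiator hands to PostSearchHook as $_[4], reads the Active Directory boolean with get_value(), and treats anything other than an explicit TRUE (including a missing attribute) as "no dial-in", so the check fails closed rather than accepting by default as in the log above. The function name dialin_allowed is an assumption of this example.

```perl
#!/usr/bin/perl
# Added example (not from the original post or from Radiator): reading an
# AD boolean attribute the way a PostSearchHook should, and why get()
# produced "ARRAY(0x...)" in the debug output.
use strict;
use warnings;
use Net::LDAP::Entry;

# Constructed stand-in for the entry Radiator passes to the hook as $_[4].
# In production this object comes from the live LDAP search result.
my $entry = Net::LDAP::Entry->new(
    'CN=Dirk Tilger,CN=Users,DC=intershop,DC=lab',
    sAMAccountName  => 'DTilger',
    msNPAllowDialin => 'FALSE',
);

# Decide dial-in permission from the entry. Assumed helper name.
#
# The hook in the post used $_[4]->get('msNPAllowDialin'). In the
# Net::LDAP versions of that era get() is a deprecated call that returns
# an ARRAY reference in scalar context; a reference is always true, so
# "if (!$dialperm)" can never be taken. get_value() returns the first
# value as a plain scalar (or undef when the attribute is absent).
#
# AD stores its Boolean syntax as the literal strings TRUE / FALSE.
# Anything other than an explicit TRUE, including a missing attribute,
# is treated as "not allowed", so a lookup problem fails closed.
sub dialin_allowed {
    my ($e) = @_;
    my $v = $e->get_value('msNPAllowDialin');
    return 0 unless defined $v;
    return uc($v) eq 'TRUE' ? 1 : 0;
}

# Inside the Radiator hook the same logic would read:
#   my $dialperm = $_[4]->get_value('msNPAllowDialin');
#   ... then test   defined $dialperm && uc($dialperm) eq 'TRUE'
printf "msNPAllowDialin raw value : %s\n",
    defined $entry->get_value('msNPAllowDialin')
        ? $entry->get_value('msNPAllowDialin') : '<absent>';
printf "dialin_allowed            : %d\n", dialin_allowed($entry);

# Same check against an entry that lacks the attribute entirely.
my $no_attr = Net::LDAP::Entry->new('CN=Other,CN=Users,DC=intershop,DC=lab',
    sAMAccountName => 'Other');
printf "dialin_allowed (no attr)  : %d\n", dialin_allowed($no_attr);
```

Two further notes on the configuration in the post. The "Bad attribute=value pair: FALSE" error comes from the AuthAttrDef line, not from the hook: a GENERIC AuthAttrDef expects the LDAP attribute to hold Radiator check or reply items in attribute=value form, and the bare string FALSE is not one. And the example above only computes the decision; it does not answer the second question (how to turn that decision into an Access-Reject from PostSearchHook), because the way a hook can influence the result depends on the Radiator version and is not shown in the post.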