[RADIATOR] matching based on one value of an attribute multiple times in request
Hartmaier Alexander
alexander.hartmaier at t-systems.at
Thu Jul 13 10:59:43 UTC 2017
Hi,
I'm trying to build a solution to authorize users to log into devices
based on their group membership in our NMS.
We use ClientListSQL to generate the Client config blocks and I've used
the OSC-Authorize-Group attribute for add the group id's to the request
attributes like:
OSC-Authorize-Group-123,OSC-Authorize-Group=456
A Handler for example matches on OSC-Authorize-Group=123, which works as
long as the device is only member of this single group but not if in
multiple like in the above example.
I haven't found an example how to match on the value of an attribute
which occurs multiple times in the authentication request, is it possible?
A workaround would be to make ClientListSQL add
OSC-Authorize-Group=123,456 to the request and matching the value with a
regex, which would be quite complicated but handle all cases without
e.g. allowing access to a device in group 1234 when only 123 should be
allowed.
Any hints how to solve this?
Thanks!
--
Best regards, Alexander Hartmaier
T-Systems Austria GesmbH
TSS Security Services
Network Security & Monitoring Engineer
phone: +43(0)676-8642-4320
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
More information about the radiator
mailing list