Closed cmammoli closed 3 years ago
You are right. In the current master this is already done correctly.:
foreach my $value (@values) {
&radiusd::radlog(Info, "+++++++ trying to match $value");
if ($value =~ /$regex/) {
my $result = $1;
$radReply{$radiusAttribute} = add_reply_attibute($radReply{$radiusAttribute}, "$prefix$result$suffix");
&radiusd::radlog(Info, "++++++++ Result: Add RADIUS attribute $radiusAttribute = $result");
} else {
&radiusd::radlog(Info, "++++++++ Result: No match, no RADIUS attribute $radiusAttribute added.");
}
}
Opening here in reference to this: https://github.com/privacyidea/privacyidea/issues/2447
I checked and the group attribute is indeed a multivalue attribute in the resolver:
This is the attribute config in rlm_perl.ini:
This is a debug run of my user:
Looking at the perl code:
Correct me if I'm wrong: If the user attribute is an array every member of the array is compared to the configured regex If a match if found $radReply{Fortinet-Group-Name} is set to the group name So for every member $radReply{Fortinet-Group-Name} is overwritten, right?