privacyidea / FreeRADIUS

Add two factor authentication to FreeRADIUS via privacyIDEA
GNU General Public License v2.0

Allow the same attribute to be configured several times #49

Open cornelinux opened 3 years ago

cornelinux commented 3 years ago

In many scenarios it can be necessary to configure the same attribute several times:

[Attribute Filter-Id]
dir = user
userAttribute = gruppen
regex = CN=Enterprise\ Admins,CN=Users,DC=testfoo,DC=intranet
prefix = FIX-BUILTIN-Enter

[Attribute Filter-Id]
dir = user
userAttribute = gruppen
regex = CN=Administrators,CN=Builtin,DC=testfoo,DC=intranet
prefix = FIX-BUILTIN-admins

In this case we would set Filter-Id to one constant value if a group is given and to another fixed value if another group is given.

The problem is that, due to the Perl parser Config::IniFiles, the two sections are merged together. So either we need to completely change the way the sections are configured or we need to distinguish the sections by different names.

A simple way to achieve this is to add a tag to the sections that helps to keep the sections distinct, but ignore it during our parsing:

[Attribute Filter-Id A]
dir = user
userAttribute = gruppen
regex = CN=Enterprise\ Admins,CN=Users,DC=testfoo,DC=intranet
prefix = FIX-BUILTIN-Enter

[Attribute Filter-Id B]
dir = user
userAttribute = gruppen
regex = CN=Administrators,CN=Builtin,DC=testfoo,DC=intranet
prefix = FIX-BUILTIN-admins

cornelinux commented 3 years ago

This is already possible:

[Attribute Something1]
dir = user
userAttribute = gruppen
radiusAttribute = Filter-Id
regex = CN=Enterprise\ Admins,CN=Users,DC=testfoo,DC=intranet
prefix = FIX-BUILTIN-Enter

[Attribute SOmething-Else]
dir = user
userAttribute = gruppen
radiusAttribute = Filter-Id
regex = CN=Administrators,CN=Builtin,DC=testfoo,DC=intranet
prefix = FIX-BUILTIN-admins
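
A configuration check for the problem discussed in this thread, as an added example that is not part of the issue or the plugin's own code: it flags section headers that occur more than once (and would therefore be merged) and shows that the uniquely named layout yields both Filter-Id values. The function names, the shape of the `response` dictionary, the fallback from a missing `radiusAttribute` to the section name, and the rule semantics (the prefix is emitted when the regex matches a user value) are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed input: the same-name layout quoted in the issue.
SAME_NAME = r"""
[Attribute Filter-Id]
dir = user
userAttribute = gruppen
regex = CN=Enterprise\ Admins,CN=Users,DC=testfoo,DC=intranet
prefix = FIX-BUILTIN-Enter

[Attribute Filter-Id]
dir = user
userAttribute = gruppen
regex = CN=Administrators,CN=Builtin,DC=testfoo,DC=intranet
prefix = FIX-BUILTIN-admins
"""
# Same rules under unique section names, target moved to radiusAttribute.
UNIQUE = (SAME_NAME
          .replace("[Attribute Filter-Id]", "[Attribute Something1]\nradiusAttribute = Filter-Id", 1)
          .replace("[Attribute Filter-Id]", "[Attribute Something-Else]\nradiusAttribute = Filter-Id", 1))

def parse_sections(text):
    """Return [(header, {key: value})] in file order, never merging headers."""
    sections = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].strip(), {}))
        elif "=" in line and sections and not line.startswith(("#", ";")):
            key, value = line.split("=", 1)  # split once: the regex value contains '='
            sections[-1][1][key.strip()] = value.strip()
    return sections

def duplicate_headers(text):
    """Headers that occur more than once and would collapse into one section."""
    return sorted(h for h, n in Counter(h for h, _ in parse_sections(text)).items() if n > 1)

def reply_attributes(text, response):
    """Assumed semantics: emit (radiusAttribute, prefix) when regex matches a user value."""
    out = []
    for header, opts in parse_sections(text):
        if not header.startswith("Attribute "):
            continue
        target = opts.get("radiusAttribute", header.split(" ", 1)[1])
        values = response.get(opts.get("dir", ""), {}).get(opts.get("userAttribute", ""), [])
        if any(re.search(opts.get("regex", "(?!)"), v) for v in values):
            out.append((target, opts.get("prefix", "")))
    return out
```

Running `duplicate_headers` over a deployed configuration before a rollout catches a group-to-Filter-Id rule that would otherwise silently disappear into another section.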