Univention Bugzilla – Attachment 11064 Details for Bug 56060: Support MAC auth with computer objects and VLAN-ID assignment
patch-alike file for sites-available/default - will not work out of the box
patch-default.txt (text/plain), 3.49 KB, created by Ingo Jürgensmann on 2023-05-12 16:58:40 CEST
>--- default 2023-05-12 16:17:27.040000000 +0200 >+++ ../server-available_default 2023-05-12 16:15:54.616000000 +0200 
>@@ -761,18 +761,45 @@ > User-Name := "%{1}$" # The uid attribute in the ldap object is filled with the host name and a trailing dollar sign. > } > } >+ >+ if ("%{ldap:ldap:///dc=domain,dc=net?uid?sub?(macAddress=%{User-Name})}") { >+ # For known users as well for known machines we take the vlan-id from the group the user/machine is member of. >+ # In case there are assignments for several groups the first vlan-id is automatically taken. >+ update request { >+ User-Name := "%{ldap:ldap:///dc=domain,dc=net?uid?sub?(macAddress=%{User-Name})}" # The uid attribute in the ldap object is filled with the host name and a trailing dollar sign. >+ } >+ if ("%{ldap:ldap:///dc=domain,dc=net?univentionVlanId?sub?(&(macAddress=%{User-Name})(univentionObjectType=groups/group)(univentionVlanId=*))}") { >+ update reply { >+ Reply-Message := "DEBUG: Assigning VLAN-ID from user / computer object" >+ Tunnel-Type := VLAN >+ Tunnel-Medium-Type := IEEE-802 >+ Tunnel-Private-Group-Id := "%{ldap:ldap:///dc=domain,dc=net?univentionVlanId?sub?(&(|(memberUid=%{User-Name})(macAddress=%{User-Name}))(univentionObjectType=groups/group)(univentionVlanId=*))}" >+ } >+ } >+ # If we can't find a matching VLAN ID for the user or machine client in LDAP, we return the default VLAN ID, if configured. 
>+ # If no default vlan-id is configured in ucr we do not return any vlan information >+ elsif ("1") { >+ update reply { >+ Reply-Message := "DEBUG: Not found, assigning default VLAN-ID" >+ Tunnel-Type := VLAN >+ Tunnel-Medium-Type := IEEE-802 >+ Tunnel-Private-Group-Id := "1" >+ } >+ } >+ } >+ > # Check if the user or machine exists and do post-auth actions > # else do nothing in post-auth > # This way we also make sure that we do not change the VLAN ID again if the non-EAP-auth (MAC address auth) succeeded before (see above) >- if ("%{ldap:ldap:///dc=domain,dc=net?uid?sub?(uid=%{User-Name})}") { >+ if ("%{ldap:ldap:///dc=domain,dc=net?uid?sub?(|(uid=%{User-Name})(macAddress=%{User-Name}))}") { > # For known users as well for known machines we take the vlan-id from the group the user/machine is member of. > # In case there are assignments for several groups the first vlan-id is automatically taken. >- if ("%{ldap:ldap:///dc=domain,dc=net?univentionVlanId?sub?(&(memberUid=%{User-Name})(univentionObjectType=groups/group)(univentionVlanId=*))}") { >+ if ("%{ldap:ldap:///dc=domain,dc=net?univentionVlanId?sub?(&(|(memberUid=%{User-Name})(macAddress=%{User-Name}))(univentionObjectType=groups/group)(univentionVlanId=*))}") { > update reply { > Reply-Message := "DEBUG: Assigning VLAN-ID from user / computer object" > Tunnel-Type := VLAN > Tunnel-Medium-Type := IEEE-802 >- Tunnel-Private-Group-Id := "%{ldap:ldap:///dc=domain,dc=net?univentionVlanId?sub?(&(memberUid=%{User-Name})(univentionObjectType=groups/group)(univentionVlanId=*))}" >+ Tunnel-Private-Group-Id := "%{ldap:ldap:///dc=domain,dc=net?univentionVlanId?sub?(&(|(memberUid=%{User-Name})(memberUid=%{1}))(univentionObjectType=groups/group)(univentionVlanId=*))}" > } > } > # If we can't find a matching VLAN ID for the user or machine client in LDAP, we return the default VLAN ID, if configured.
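Review bot: In the added MAC-auth block, the inner test `(&(macAddress=%{User-Name})(univentionObjectType=groups/group)(univentionVlanId=*))` runs after `update request` has already overwritten User-Name with the uid, so it compares macAddress against the host name rather than the MAC, and it is not the filter used a few lines later for Tunnel-Private-Group-Id. As written the lookup is unlikely to match, so MAC-authenticated clients fall through to `elsif ("1")` and land in VLAN 1; use the same `memberUid=%{User-Name}` group filter in both the condition and the assignment. The `elsif ("1")` branch also contradicts the comment above it: the condition is always true and always returns VLAN 1, where the comment says no VLAN information is returned when no default is configured, so the condition should depend on the configured default. In the changed post-auth block the condition tests `(|(memberUid=%{User-Name})(macAddress=%{User-Name}))` while the assignment expands `(|(memberUid=%{User-Name})(memberUid=%{1}))`; the two filters should be identical, and `%{1}` is only meaningful if the earlier regex match ran for this request. The `Reply-Message := "DEBUG: ..."` lines are sent back in the reply and should be dropped before this is used outside of testing.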