Users in DualShield have attributes such as the name of the domain they belong to, or the groups they are members of, etc. Below is a list of commonly used user attributes:
- loginName
- domain.name
- unit.name
- groups.name
For example, to map the RADIUS attribute IETF/User-Name to a user's login name:
Group Names
If you just want the name of the first group, then it is:
groups[0].name
If you want to return a specific group name, then you must map a RADIUS attribute, e.g. Filter-Id to the script below:
nestedGroups.find{it.radiusAttributes.any{ att-> att.name=='Filter-Id'}}.name
Then you must also assign the RADIUS attribute to the group, e.g. 'aaa'
If you need DualShield to return a list of names as a comma separated values then you need to use the "join" function:
groups.name.join(',')
If you need DualShield to return a list of names as an array of individual names, then you must select the option "Return as multiple attributes"
Class Attribute
- If the value is a fixed value, then use the hexadecimal form of the value. For example, if the value is "123", then use "313233".
- If the value is a dynamic value, then use the function "bytes" to get the value. For example, "domain.name.bytes", "groups.name.bytes", etc
There are several other RADIUS attributes that are defined as "octets" Please refer to:
https://datatracker.ietf.org/doc/html/rfc2865
https://www.freeradius.org/rfc/attributes-rfc2865.html