Users in DualShield have attributes such as the name of the domain they belong to, or the names of the groups they are member of, etc. Below is a list of commonly used user attributes:
- loginName
- domain.name
- unit.name
- groups.name
For example, to map the RADIUS attribute IETF/User-Name to a user's login name:
Group Names
Group name is slightly more complicated. However. A user may be a member of more than one group, therefore the attribute "groups.name" will return an array of group names. If you needs it to print the list of name as a comma separated values then you need to use the "join" function:
groups.name.join(',')
If you just want the name of the first group, then it is:
groups[0].name
If you want to return a specific group name, then you must map a RADIUS attribute, e.g. Filter-Id to the script below:
nestedGroups.find{it.radiusAttributes.any{ att-> att.name=='Filter-Id'}}.name
Then you must also assign the RADIUS attribute to the group, e.g. 'aaa'
IETF/Class
The RADIUS attribute "class" has the data type called "octets". In DualShield, there is no such data type. You must use the hexadecimal value of the data or use the "bytes" function:
- If the value is a fixed value, use the hexadecimal form of the value. For example, if the value is "123", then use "313233".
- If the value is a dynamic value, use the function "bytes" to get the value. For example, "domain.name.bytes"
There are several other RADIUS attributes that are defined as "octets" Please refer to:
http://opensource.apple.com/source/freeradius/freeradius-11/freeradius/share/dictionary.rfc2865