Users in DualShield have attributes such as the name of the domain they belong to, or the groups they are members of, etc. Below is a list of commonly used user attributes:

  •  loginName
  •  domain.name
  •  unit.name
  •  groups.name

For example, to map the RADIUS attribute IETF/User-Name to a user's login name:

 

Group Names

A user may be a member of more than one group, therefore the attribute "groups.name" will return an array of group names.

If you just want the name of the first group, then it is:

groups[0].name

If you want to return a specific group name, then you must map a RADIUS attribute, e.g. Filter-Id to the script below:

nestedGroups.find{it.radiusAttributes.any{ att-> att.name=='Filter-Id'}}.name

Then you must also assign the RADIUS attribute to the group, e.g. 'aaa'

If you need DualShield to return a list of names as a comma separated values then you need to use the "join" function:

groups.name.join(',')

If you need DualShield to return a list of names as an array of individual names, then you must select the option "Return as multiple attributes"

Class Attribute

The RADIUS attribute "class" has the data type called "octets" which means a byte array. In DualShield, you must use the hexadecimal value of the data or use the "bytes" function:
  1.  If the value is a fixed value, then use the hexadecimal form of the value. For example, if the value is "123", then use "313233".
  2.  If the value is a dynamic value, then use the function "bytes" to get the value. For example, "domain.name.bytes", "groups.name.bytes", etc

 


There are several other RADIUS attributes that are defined as "octets" Please refer to:

https://datatracker.ietf.org/doc/html/rfc2865

https://www.freeradius.org/rfc/attributes-rfc2865.html