Users in DualShield have attributes such as the name of the domain they belong to or the groups they are members of. Below is a list of commonly used user attributes:

For example, to map the RADIUS attribute IETF/User-Name to a user's login name:

 

Group Names

Group names are slightly more complicated. A user may be a member of more than one group, so the attribute "groups.name" returns an array of group names.

If you just want the name of the first group, then it is:

groups[0].name

If you want to return a specific group name, then you must map a RADIUS attribute, e.g. Filter-Id, to the script below:

nestedGroups.find{it.radiusAttributes.any{ att-> att.name=='Filter-Id'}}.name

Then you must also assign the RADIUS attribute to the group, e.g. 'aaa'.

If you need DualShield to return a list of names as comma-separated values, then you need to use the "join" function:

groups.name.join(',')

If you need DualShield to return a list of names as an array of individual names, then you must select the option "Return as multiple attributes".


IETF/Class

The RADIUS attribute "class" has the data type "octets", which means a byte array. In DualShield, you must use the hexadecimal value of the data or use the "bytes" function:

  1.  If the value is a fixed value, then use the hexadecimal form of the value. For example, if the value is "123", then use "313233".
  2.  If the value is a dynamic value, then use the function "bytes" to get the value. For example, "domain.name.bytes", "groups.name.bytes", etc.
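The group-name and octets expressions above use Groovy syntax. The following is an added example, not DualShield's own code: it runs them as plain Groovy against constructed stand-in classes to show what each returns, including the case of a user with no matching group. The class names, the helper `throwsNpe` and the sample users are assumptions, as is the premise that DualShield evaluates the expressions like ordinary Groovy.

```groovy
// Constructed stand-ins for the user model. Property names follow the
// expressions on this page; the classes and sample data are assumptions.
class Attr   { String name; String value }
class Group  { String name; List<Attr> radiusAttributes = [] }
class Domain { String name }
class User   { String loginName; Domain domain; List<Group> groups = []; List<Group> nestedGroups = [] }

// Hypothetical helper: true when evaluating the expression throws a NullPointerException.
boolean throwsNpe(Closure expr) {
    try { expr(); return false } catch (NullPointerException e) { return true }
}

def staff = new Group(name: 'staff')
def vpn   = new Group(name: 'vpn-users',
                      radiusAttributes: [new Attr(name: 'Filter-Id', value: 'aaa')])
def alice = new User(loginName: 'alice', domain: new Domain(name: 'example'),
                     groups: [staff, vpn], nestedGroups: [staff, vpn])
def bob   = new User(loginName: 'bob', domain: new Domain(name: 'example'))  // no groups

// groups.name is a list; groups[0].name depends on the order of that list.
assert alice.with { groups.name } == ['staff', 'vpn-users']
assert alice.with { groups[0].name } == 'staff'
assert alice.with { groups.name.join(',') } == 'staff,vpn-users'

// The find expression picks the group that carries the Filter-Id attribute.
assert alice.with {
    nestedGroups.find { it.radiusAttributes.any { att -> att.name == 'Filter-Id' } }.name
} == 'vpn-users'

// Edge case: with no (matching) group, [0] and find return null, so .name throws.
assert throwsNpe { bob.with { groups[0].name } }
assert throwsNpe {
    bob.with { nestedGroups.find { it.radiusAttributes.any { att -> att.name == 'Filter-Id' } }.name }
}
// The safe-navigation operator yields null instead; join on an empty list yields ''.
assert bob.with { groups[0]?.name } == null
assert bob.with { groups.name.join(',') } == ''

// Octets: a fixed value is written as hex; .bytes gives the byte array of a dynamic value.
assert '123'.bytes.encodeHex().toString() == '313233'
assert alice.with { domain.name.bytes }.encodeHex().toString() == '6578616d706c65'
assert alice.with { groups.name.bytes }.size() == 2   // one byte array per group name
```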

 


There are several other RADIUS attributes that are defined as "octets". Please refer to:

http://opensource.apple.com/source/freeradius/freeradius-11/freeradius/share/dictionary.rfc2865
