Users in DualShield have attributes such as the name of the domain they belong to, or the names of the groups they are member of, etc. Below is a list of commonly used user attributes:
For example, to map the RADIUS attribute IETF/User-Name to a user's login name:
Group Names
Group name is slightly more complicated. However. A user may be a member of more than one group, therefore the attribute "groups.name" will return an array of group names. If you needs it to print the list of name as a comma separated values then you need to use the "join" function:
groups.name.join(',')
If you just want the name of the first group, then it is:
groups[0].name
If you want to return a specific group name, then you must map a RADIUS attribute, e.g. Filter-Id to the script below:
nestedGroups.find{it.radiusAttributes.any{ att-> att.name=='Filter-Id'}}.name
Then you must also assign the RADIUS attribute to the group, e.g. 'aaa'
IETF/Class
The RADIUS attribute "class" has the data type called "octets". In DualShield, there is no such data type. You must use the hexadecimal value of the data or use the "bytes" function:
There are several other RADIUS attributes that are defined as "octets" Please refer to:
http://opensource.apple.com/source/freeradius/freeradius-11/freeradius/share/dictionary.rfc2865