Presentation is loading. Please wait.

Presentation is loading. Please wait.

Variables. All Rights Reserved © Alcatel-Lucent 2007 2 | Variables Module Objectives Variables definition and use Variable groups Modifiers Maps to assign.

Similar presentations


Presentation on theme: "Variables. All Rights Reserved © Alcatel-Lucent 2007 2 | Variables Module Objectives Variables definition and use Variable groups Modifiers Maps to assign."— Presentation transcript:

1 Variables

2 All Rights Reserved © Alcatel-Lucent 2007 2 | Variables Module Objectives Variables definition and use Variable groups Modifiers Maps to assign values and move data in/out of VitalAAA

3 All Rights Reserved © Alcatel-Lucent 2007 3 | Variables Variables variables Temporary storage of data and communication between methods is done through variables related to the current request. Each variable has a name and a value. Variable, value pairs are described by the basic form: Variable = Value For example: User-Name = oneuser The name of the variable The value assigned to the variable

4 All Rights Reserved © Alcatel-Lucent 2007 4 | Variables Variables All data used to process the Authentication or Accounting request is stored in variables… Attributes from the actual RADIUS request Attributes received from a remote RADIUS server (proxy) Data read from files, databases and directories Additional information like: Time of day RADIUS client name (Source address of the request) Server settings Client properties Any new calculated data or data derived from other variables: Realm Access list matches Data parsed from other variables

5 All Rights Reserved © Alcatel-Lucent 2007 5 | Variables Variables At the time a request is received, there are no variables set. Other than those that hold system and client properties (read-only) As the request is processed variables may be created, modified and deleted After the reply has been sent, all variables used in processing the request are deleted. Variables are created, based on the request received Extra variables are created/modified/deleted, as the plug- ins read from external sources of information (files, DBs, remote, etc.) Request Final Response When the PF ends the execution (and a final response is sent back to the NAS), all variables for that request are deleted

6 All Rights Reserved © Alcatel-Lucent 2007 6 | Variables Variables names Variables names may be defined in the dictionary In which case we call them Attributes And their name is fixed This is required for any variable exchanged between RADIUS clients and servers Or, variables can be created on the fly and used locally to store information about the request. This information can be read from files, extracted from other variables or set to constant values. They can have any name, and need not be in the dictionary

7 All Rights Reserved © Alcatel-Lucent 2007 7 | Variables Variable Organization Variables are grouped by their purpose: Storage of RADIUS attributes received in an access request RADIUS attributes to be sent in a reply Derived from request attributes Server properties Client properties User information retrieved from files and databases A variable prefix is used in VitalAAA to help differentiate between the different variable groups For example: the User-Name attribute received in an access request is: request.User-Name And, the IP Address to be sent back to a NAS in an Access-Accept packet is stored as reply.Framed-IP-Address

8 All Rights Reserved © Alcatel-Lucent 2007 8 | Variables Variable Prefixes Prefix Description requestAttributes from the AAA request received from a NAS or other AAA client packetDerived from the AAA packet request userUser defined variables associated with the current user checkVariables which must be tested for specific values before the request can be authorized. Includes the user's password (if present). replyRADIUS Attributes to send back in the reply to the NAS serverVariables from the server_properties file (read only) clientVariables from the client_properties for the current client (read only) securityVariables from security_properties file (read only) systemSystem time in seconds and milliseconds (since 1970) *

9 All Rights Reserved © Alcatel-Lucent 2007 9 | Variables Variable Prefixes The use of prefixes allows us to maintain separate copies of an variable, possibly with different values. request.User-Name might contain the user name received from a user in a PPP session, while reply.User-Name would contain the user name we want the NAS to use for accounting packets. For example: request.User-Name = richard@lucent reply.User-Name = richard@lucent.com Since the reply variable is stored separately from the request variable, we do not have to overwrite one with the other.

10 All Rights Reserved © Alcatel-Lucent 2007 10 | Variables Variable Prefixes & Groups Prefixes are only used internally in VitalAAA. When attributes are actually sent in RADIUS packets the variable prefix is not used. Remember, RADIUS attributes are always identified by number when sent between a client and server. Thus, the IP address we will return, which is stored as reply.Framed-IP-Address, is actually identified as attribute #8 (Framed- IP-Address) when sent to the NAS As specified in the dictionary

11 All Rights Reserved © Alcatel-Lucent 2007 11 | Variables The request Group User-Name Password NAS-IP-Address NAS-Port Service-Type Calling-Station-Id Called-Station-Id NAS-Port-Type The request group contains all variables sent from the client in the authentication or accounting request. Typical authentication variables received in a request include... Which would be stored in VitalAAA variables as... request.

12 All Rights Reserved © Alcatel-Lucent 2007 12 | Variables Augmentation and derivation For example if we receive this RADIUS attribute in the Access Request: alex@bigisp alex@bigisp User-Name = The value received in the Access Request will be stored in the request variable group request.User-Name = And these variables will be created and stored in the packet variable group packet.Base-User-Name = packet.User-Realm = alex bigisp

13 All Rights Reserved © Alcatel-Lucent 2007 13 | Variables The packet group (I) The packet group contains variables derived from the AAA packet received in the request. These variables are: Base-User-Name & User-RealmTaken from the User-Name AVP Framed-IPv6-Address Derived from the received framed- interface-id and framed-ipv6-prefix AVPs Client-NameName or IP address of the client, as it is in clients file Receipt-Time & Event-TimestampWhen the IP packet was received ( yyyy/mm/dd hh:mm:ss) It also takes into account Acct-Delay-Time for retransmissions Acct-Start-Time & Acct-Stop-Time Generated from Event-Timestamp and Acct-Session-Time (for INTERIM and STOP packets)

14 All Rights Reserved © Alcatel-Lucent 2007 14 | Variables The packet group (II) Destination-Address & Source-AddressFrom the IP header If the server is configure to bind to *, this variable will be 0.0.0.0 Destination-Port & Source-PortFrom the UDP header Packet-Type, Packet-Identifier, Packet-Length & Packet-Authenticator Taken from the RADIUS header For Packet-Type, if the codes are in the dictionary, then the text description will be used (not the numeric coding) Protocolradius or diameter TypeAcct or Auth for RADIUS Last-Disposition-Message Contains the process disposition from the previously executed plug-in.

15 All Rights Reserved © Alcatel-Lucent 2007 15 | Variables The packet group (III) 1.2.3.4 -> 2.3.4.5 23456 -> 1813 ID TypeLength Authenticator User-Name=john@home [Acct-Status-Type]=Stop [Acct-Delay-Time=10] [Acct-Session-Time=3600] 3: IP 4: UDP 5: Application RADIUS Acct-Session-Time Acct- Delay- Time Acct-Start-Time Acct-Stop-Time Event-Timestamp Receipt-Time Acct-StartAcct-Stop X Retransmission Base-User-Name=john User-Realm=home Client-Name=nas1 Receipt-Time=2006/03/28 09:52:54 Event-Timestamp=2006/03/28 09:52:44 Acct-Stop-Time=2006/03/28 09:52:44 Acct-Start-Time=2006/03/28 08:52:44 Destination-Address=2.3.4.5 Source-Address=1.2.3.4 Destination-Port=1813 Source-Port=23456 Packet-Type=Accounting-Request Packet-Identifier=5 Packet-Length=234 Packet-Authenticator=3125A9D01D57B74158610E8345CD7258 Protocol=radius Type= Acct *

16 All Rights Reserved © Alcatel-Lucent 2007 16 | Variables The packet group (IV) VA-AVPair attributes are assigned to packet variables: VA-AVPair = "Uss-User-Name = pepe@terra" ---> ${packet.Uss-User-Name}= pepe@terrapepe@terra Other ones related to EAP: ${packet.EAP-Code}, ${packet.EAP-Identifier}, ${packet.EAP-Type}, ${packet.EAP- Identity}, ${packet.EAP-Nak} Other ones related with Lucent TAOS devices: ${packet.Nas-Port-CallType} (Digital or Async) ${packet.NAS-Port-Channel}, ${packet.NAS-Port-Line}, ${packet.NAS-Port-Shelf}, ${packet.NAS-Port-Slot} DS0 of the line the call come in on ${packet.Normalized-NAS-Port} how to decode the ${request.Ascend-NAS-Port-Format} to generate the shelf, slot, line, channel Other ones related to Diameter & TACACS+

17 All Rights Reserved © Alcatel-Lucent 2007 17 | Variables The reply Group The reply group contains variables that will be sent to the client in an access accept packet. Typical variables found with the reply prefix include... Which would be sent in an Access-Accept response as RADIUS attributes... Framed-IP-Address Framed-IP-Netmask Filter-Id Idle-Timeout Tunnel-Assignment-Id Reply-Message Etc... reply. Note: Variables not be listed in the dictionary will not be included in the response.

18 All Rights Reserved © Alcatel-Lucent 2007 18 | Variables Variable Reference (I) When configuring plug-ins, we may want to reference the value of an variable instead of specifying a constant. Here is a method definition that will always look up a user called frank in a user file called frank.users: As can be seen, this method is very limited in usefulness :-) read-frank Method-Type = ReadUserFile ReadUserFile-Filename = frank.user ReadUserFile-SearchKey = frank

19 All Rights Reserved © Alcatel-Lucent 2007 19 | Variables Variable Reference (II) Normally we would want to use the User-Name attribute received in the request as our search key or Base-User-Name from the packet variable group. To do this, we need to specify a variable reference, which is a pointer or reference to specific prefix and variable. Variable references have the form: ${prefix. variable-name}

20 All Rights Reserved © Alcatel-Lucent 2007 20 | Variables Variable Reference (III) Now we can improve on our previous example by using a variable This will always use the user name, without the realm, as the search key. In fact, this case is so common that the default SearchKey for the ReadUserFile plug-in is ${packet.Base-User-Name} read-frank Method-Type = ReadUserFile ReadUserFile-Filename = frank ReadUserFile-SearchKey = frank read-frank Method-Type = ReadUserFile ReadUserFile-Filename = frank ReadUserFile-SearchKey = ${packet.Base-User-Name}

21 All Rights Reserved © Alcatel-Lucent 2007 21 | Variables Variable type definition Variables need not be defined in advanced The data type is taken from the dictionary If not included in the dictionary, they are considered strings and will be automatically converted for calculations, etc. The data format is useful to show the variable in logs, for comparisons, calculations, etc *

22 All Rights Reserved © Alcatel-Lucent 2007 22 | Variables Setting a Default Value (I) A variable reference may also specify a default value: ${prefix.variable-name : default_value } For example... ReadUserFile-SearchKey = ${user.Class-Of-Service : bronze} If user.Class-Of-Service has been set, that is, if it has a value, it will be used as the search key. If user.Class-Of-Service has not been set, the value bronze will be used as the search key. Useful for ${request.*} variables to create default values in case the NAS doesn t send an attribute

23 All Rights Reserved © Alcatel-Lucent 2007 23 | Variables Setting a Default Value (II) A list of alternate variables may be provided. It is read from left to right and the first variable that has been set will be used to set the value of the parameter. In cases like this, a constant, if present, should always be last in the list: ${prefix.variable-name : prefix.variable-name : default_value } For example... ${packet.Normalized-NAS-Port:request.NAS-Port:request.NAS-Port-Id:0}

24 All Rights Reserved © Alcatel-Lucent 2007 24 | Variables Variable Modifiers (I) Variables in parameter settings may also contain modifiers, which effect how the variable is used. ${prefix.variable-name [ modifier ] } In the following example, the parameter is set to lower case by the tolower modifier: ReadUserFile-SearchKey = ${packet.Base-User-Name [ tolower ] } In this example, if ${packet.Base-User-Name} = GeORge, then the ReadUserFile-SearchKey parameter will be set to george It is important to remember that the modifier only changes the value assigned to the parameter. The original variable value remains unchanged.

25 All Rights Reserved © Alcatel-Lucent 2007 25 | Variables Variable Modifiers (II) To work with strings: toUpper | toLower- GeORge[toUpper]-> GEORGE "GeORge[toLower]-> george trim - erases blank characters at the beginning and end " George [trim] -> George dLeft(delim) | dRight(delim) - Returns the left/right portion up to a delimiter user@realm"[dLeft(@)] => 'user' "user@realm"[dRight(@)] => 'realm' nLeft(count) | nRight(count) - Extracts the leftmost | rightmost count of characters from a string. "1234567890"[nLeft(3)] => '123' "1234567890"[nRight(3)] => '890'

26 All Rights Reserved © Alcatel-Lucent 2007 26 | Variables Variable Modifiers (III) To make some simple math operations: Increment | Decrement - Add or substract 1 (or N) to a numeric variable. ${packet.Remaining-Tries[decrement]} 100[increment] => 101 100"[decrement(10)] => '90' Multiply | Divide – when dividing to take the integer part "6"[multiply(2)] => 12' ${user.Session-Timeout_in_ms} = ${reply.Session-Timeout[multiply(1000)]}; 256"[divide(16)] => '16' 7[divide(2)] => 3

27 All Rights Reserved © Alcatel-Lucent 2007 27 | Variables Variable Modifiers (IV) To work with multi-valued variables first | last | random - First, last or any random value of a multi-valued variable Hello,Hi[first] -> Hello Hello,Hi[last] -> Hi count - Returns the number of ocurrences Hello,Hi[count] -> 2 shuffle- Randomly orders a multi-value value Hello,Hi[shuffle] -> Hi,Hello

28 All Rights Reserved © Alcatel-Lucent 2007 28 | Variables Variable Modifiers (IV) Conversions from/to opaque to different data types: toBase64 | fromBase64 'This is a test.' => 'VGhpcyBpcyBhIHRlc3Qu' ToGmtTimeStamp | FromGmtTimestamp toLocalTimestamp | fromLocalTimestamp | fromDate | toDate Converts a 4-byte opaque string to a date format YYYY/MM/DD HH:MM:SS 0x00000000 => '1970/01/01 00:00:00 formatLocalTimeStampWithMillis | FormatGmtTimestampWithMillis To also take into account the milliseconds for extra precision Format: YYYY/MM/DD HH:mm:ss.SSS

29 All Rights Reserved © Alcatel-Lucent 2007 29 | Variables Variable Modifiers (V) fromUnsigned64|toUnsigned64, fromInteger64|toInteger64 fromUnsigned32|toUnsigned32, fromInteger32|toInteger32, fromInt | toInt fromUnsigned16|toUnsigned16, fromInteger16|toInteger16, fromShort | toShort fromUnsigned8|toUnsigned8, fromInteger8|toInteger8 toFloat32|fromFloat32, toFloat64|fromFloat64 Error if opaque string is not of the same expected length toIPv4Addr|fromIPv4Addr, toIpAddr | fromIpAddr 0x0A000001 '10.0.0.1' toIPv6Addr|fromIPv6Addr 0x11112222333344445555666677778888 '1111:2222:3333:4444:5555:6666:7777:8888

30 All Rights Reserved © Alcatel-Lucent 2007 30 | Variables Variable Modifiers (VI) toNetworkAddress | fromNetworkAddress to have a generic representation of either an IPv4 address (6 bytes starting by 0x0001) or IPv6 address (18 bytes starting by 0x0002) 'ff02::1' => 0x0002FF020000000000000000000000000001 toHex | fromHex 0x1234 (2 byte-opaque) 1234 (4-byte string) escape | unescape Converts an escaped string into a raw format: 0x61 0x0D 0x0A 0x5C 0x20 'a\r\n\\ quote | unquote adds or remove quotes to a string AB (=0x4120420A) "A B\n toMnId | fromMnId Converts a packed decimal format used for mobile node identifiers (CDMA2000) to a string of decimal digits '123456789012345' => 0x1E 0x32 0x54 0x76 0x98 0x10 0x32 0x54

31 All Rights Reserved © Alcatel-Lucent 2007 31 | Variables Variable Modifiers (VII) toTbcd | fromTbcd Converts a packed decimal format used for telephone numbers to a string of decimal digits (bcd=binary coding decimal) '1915306727577' => 0x91 0x51 0x03 0x76 0x72 0x75 0xF7 ToCode - converts an EnumerationValue or a BooleanValue to an integer representation ${request.Acct-Status-Type} -> Start ${request.Acct-Status-Type[toCode] } -> 1 toUtf8 | FromUtf8 Converts a string to a byte array using Latin-1 character encoding. Byte array is then converted to a string using UTF-8 character encoding. asString Converts any value, scalar, list or map, into a simple string.

32 All Rights Reserved © Alcatel-Lucent 2007 32 | Variables Variable Modifiers (VIII) For booleans variables: not 'true[not] 'false isNumeric – to know if a variable is numeric or not abc"[isNumeric] => 'false' "123"[isNumeric] => 'true isName – to know if the variable is only 1 word with alphanumeric, dash or underscore. "test-case"[isName] => 'true' "favorite color"[isName] => 'false' exists – to tell if a variable exists ${request.Nas-IP-Address[exists]} -> true ${request.asdfasdfasdfasfd[exists]} -> false *

33 All Rights Reserved © Alcatel-Lucent 2007 33 | Variables Variable Modifiers (IX) To make quick time differences calculations (in ms) [milisBeforeNow] for a variable with a past timestamp E.g: Message-On-Success = Total Processing Time = ${packet.Receipt- Time[milisBeforeNow] ms. [milisAfterNow] for a future timestamp StateServer-RequestMap = ${timeout.Session} = ${user.Limit-Disconnection- Time[milisAfterNow]}; New 5.1

34 All Rights Reserved © Alcatel-Lucent 2007 34 | Variables Variable Modifiers (X) Conditional Assignment require(value) | prohibit (value) compares the first and only parameter to the reference value and either returns the value if equal, or null, if not equal require-range(low,high) | prohibit-range (low,high) isRadius- Returns the value if the work item is a diameter item, else returns null. isDiameter - Returns the value if the work item is a diameter item, else returns null. ${reply.MS-MPPE-Recv-Key} = ${key32-1[isRadius]}; ${reply.MS-MPPE-Send-Key} = ${key32-2[isRadius]}; ${reply.EAP-Master-Session-Key} = ${key64-1[isDiameter]}; isAuth – Returns the value if the PF belongs to Auth, else returns NULL isAcct – The same for an acct PF

35 All Rights Reserved © Alcatel-Lucent 2007 35 | Variables Variable Modifiers (XI) convert – for conditional convertion of a value to a different one If there are two parameters present, if the value equals the first parameter, the value is converted to the second parameter, otherwise, null is returned. "red[convert(red,blue)] => 'blue' "yellow"[convert(red,blue)] => null If there are three parameters present, if the value equals the first parameter, the value is converted to the second parameter, otherwise the third parameter is returned. "red"[convert(red,blue,green)] => 'blue' "yellow"[convert(red,blue,green)] => 'green'

36 All Rights Reserved © Alcatel-Lucent 2007 36 | Variables Modifiers concatenation Modifiers can be concatenated for more complex processing. Examples: GeorGE [toLower,trim] -> george [fromLocalTimestamp,ToUnsigned32] | [FromUnsigned32,ToLocalTimestamp] – Converts a date YYYY/MM/DD HH:MM:SS with text format into a number string (seconds elapsed since Jan 1, 1970) –Useful to do mathematical calculations with dates, to add/subtract 1 hour/day 2007/04/01 12:53:12[fromLocalTimestamp,toUnsigned32,decrement(86400),fromUnsigne d32,toLocalTimestamp]} => 2007/03/31 12:53:12 [fromLocalTimestamp, toGmtTimestamp] – to change to GMT date 65537[fromUnsigned32,nRight(2),toUnsigned32] => 1 Takes last 2 bytes to an integer

37 All Rights Reserved © Alcatel-Lucent 2007 37 | Variables Data map (I) When VitalAAA reads data from or writes to an external source like… An LDAP server, remote (proxy) host, database, Files … It needs to know how to link (or map) information Mapping between the NAS and VitalAAA for AAA requests is done implicitly, and there is no need to manual define it ${request.*} & ${packet.*} variable groups ${reply.*} variable group External data source VitalAAA internal variables Explicit Write Map Explicit Read Map Automatic Read Map ${request.*} Automatic Write Map ${reply.*}

38 All Rights Reserved © Alcatel-Lucent 2007 38 | Variables Data Maps (II) Read maps define how incoming data is translated into internal variables. ${prefix.variable} = ${External value}; The meaning of the data field name used on the right-hand side (the source side) of the assignment is defined by the data source. Write maps define how to assign values to outgoing data ${External value} = ${prefix.variable}; Filter maps define how to pass data between VA variables ${prefix.variable} = ${prefix.variable}; NOTE: All mappings must end with a semicolon (;) External data source Write Map Read Map Filter Map

39 All Rights Reserved © Alcatel-Lucent 2007 39 | Variables Assignment types for mappings = or ?=[weak, default] If the variable already existed and had a value, do NOT overwrite it :=[replace] Assign the value, even if the variable already had another value ${user.Remaining-Attempts}:=${user.Remaining- Attempts[decrement]}; equivalent to ${user.Remaining-Attempts[replace]} = ${user.Remaining- Attempts[decrement]}; +=[append] Add another value to a multi-valued variable ${reply.Reply-Message} = Good Morning; ${reply.Reply-Message} += How are you? –equivalent to ${reply.Reply-Message[append]} = How are you?; Special command --- delete ${prefix.variable} deletes the specified variable or a variable group delete ${reply.Framed-IP-Address} delete ${reply.*}

40 All Rights Reserved © Alcatel-Lucent 2007 40 | Variables Read Map Examples (I) Assign the contents of the SERVICE-DEFINITION field in an LDAP directory to a variable named Service-Def: (Ldap): ${user.Service-Def} = ${SERVICE-DEFINITION}; Use the UNIX Group ID as the service template identifier: (ReadGetpwnam) ${user.Service-ID} = ${GID}; Read the ISP Name from column 2 of a delimited file: (ReadDelimitedFile): ${user.ISP-Name} = ${2}; Read Map

41 All Rights Reserved © Alcatel-Lucent 2007 41 | Variables Read Map Examples (II) Save only the Framed-Address and Session-Timeout attributes returned by a remote (proxy) and set the idle timeout to 2 minutes: (Radius) ${reply.Framed-IP-Address} = ${Framed-IP-Address}; ${reply.Session-Timeout} = ${Session-Timeout}; ${reply.Idle-Timeout} := 120; Set the Source-Tag variable in the user group to the constant value RemoteUser : (ReadWrite) ${user.Source-Tag} = RemoteUser;

42 All Rights Reserved © Alcatel-Lucent 2007 42 | Variables Write Map Examples Assign the contents of the Service-Class variable in the user group to a database field referred as the first variable in a SQL statement: (Jdbc) ${1} = ${user.Service-Class}; Send the remote proxy the user Name portion of the User-Name variable (I.e. remove the realm): (Radius) ${User-Name} = ${packet.Base-User-Name}; Substitute whatever the original realm with remote when doing proxy-radius: (Radius) ${User-Name} = ${packet.BaseUser-Name}@remote; Write Map

43 All Rights Reserved © Alcatel-Lucent 2007 43 | Variables Filter Map Examples Create a new variable by concatenating two existing variables: ${user.Class-Of-Service} = ${user.User-Type}-${request.NAS-Port-Type}; Convert the User-Name from the request to lower case and store the result in a new variable in the user group. (Note, the original variable remains unchanged.): ${user.Lower-User-Name} = ${request.User-Name[toLower]}; Filter Map

44 All Rights Reserved © Alcatel-Lucent 2007 44 | Variables Bulk assignments It is also possible to create variables and assign a value without really knowing the name before hand The input information should be in the format of: variable_name = value, variable_name = value, ….., variable_name Ex: Service-Type=Framed, Framed-Ip-Address=255.255.255.255 will create: ${reply.Service-Type}=Framed ${reply.Framed-IP-Address}=255.255.255.255 ${reply.*} = ${*}; variable = value, variable = value, ….., variable = value

45 All Rights Reserved © Alcatel-Lucent 2007 45 | Variables Where to store the maps (I) Inline or explicit maps They are written in the map property of a plug-in inside the PF files External or file referenced maps They are written in any file, and referenced in the map property of a plug-in in the PF files Advantages of external mapping: if a mapping is changed in the future, the PF files need not be changed, only the map file VA policy server needs not be restarted –an external map file can be reloaded on the fly –a PF file cannot be reloaded to have different complex mapping organized in specific files

46 All Rights Reserved © Alcatel-Lucent 2007 46 | Variables Inline Maps Example ReadLdap Method-Type = Ldap Method-On-Success = AuthLocal […other LDAP properties…] Ldap-Map = "${check.Password} = ${passwd};" Ldap-Map = "${user.Class-Of-Service} = ${usertype};" ReadLdap Method-Type = Ldap Method-On-Success = AuthLocal […other LDAP properties…] Ldap-Map = "${check.Password} = ${passwd};" Ldap-Map = "${user.Class-Of-Service} = ${usertype};" Note: In this example it is assumed there are fields named passwd and usertype are defined in the LDAP schema. Remember: Inline maps must always be quoted. aaa.pf

47 All Rights Reserved © Alcatel-Lucent 2007 47 | Variables External Maps Example Note: When using external maps (map files) it is not necessary to quote the entire assignment. However, the mapping instructions in the external file must still end with a ; Map file is assumed to be in the run directory, otherwise specify a path. ReadLdap Method-Type = Ldap Method-On-Success = AuthLocal […other LDAP properties…] Ldap-Map = @readldap.map" ReadLdap Method-Type = Ldap Method-On-Success = AuthLocal […other LDAP properties…] Ldap-Map = @readldap.map" aaa.pf ${check.Password} = ${passwd}; ${user.Class-Of-Service} = ${usertype}; ${check.Password} = ${passwd}; ${user.Class-Of-Service} = ${usertype}; readldap.map


Download ppt "Variables. All Rights Reserved © Alcatel-Lucent 2007 2 | Variables Module Objectives Variables definition and use Variable groups Modifiers Maps to assign."

Similar presentations


Ads by Google