When using a Fortinet firewall, you can specify a RADIUS group that the firewall will check if the user is a member of. It looks for the AVP Fortinet-Group-Name. I am trying to configure rlm_perl.ini to map the AD attribute memberOf to Fortinet's AVP Fortinet-Group-Name. I've configured my LDAP resolver in the webGUI to map memberOf to Fortinet-Group-Name and can see it populating under a user's profile in privacyIDEA. I then configured the following in
    [Attribute Fortinet-Group-Name]
    dir = user
    userAttribute = memberOf
    regex = CN=(\w*),OU=groups,DC=example,DC=org
However, after running through a test authentication, the log reports the following:
    Thu May 14 16:18:42 2020 : Info: rlm_perl: ++++++ searching in directory user
    Thu May 14 16:18:42 2020 : Info: rlm_perl: +++++++ User attribute is a string:
    Thu May 14 16:18:42 2020 : Info: rlm_perl: +++++++ trying to match
    Thu May 14 16:18:42 2020 : Info: rlm_perl: ++++++++ Result: No match, no RADIUS attribute Fortinet-Group-Name added.
Where can I find information on the different directives to use under [Attribute Fortinet-Group-Name]? I think that's where my problem lies, and I have no idea what dir is actually telling the system to do.
If I get it properly passing group names, does it concatenate all the values it finds in $1 into a single string or maintain an array of strings?
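As an added example (not code from the post, nor from the privacyIDEA FreeRADIUS plugin), this Python snippet runs the regex from the posted rlm_perl.ini section against constructed memberOf values to show which group DNs it can and cannot match. The relaxed pattern, the sample DNs, and the use of a Perl-style unanchored search are assumptions; it does not reproduce rlm_perl's own matching code.

```python
import re
from typing import Iterable, List, Optional, Union

# Regex copied from the rlm_perl.ini section quoted in the post.
POSTED_REGEX = r"CN=(\w*),OU=groups,DC=example,DC=org"
# Looser alternative (assumption, not from the post): anything up to the next comma.
RELAXED_REGEX = r"CN=([^,]+),OU=groups,DC=example,DC=org"


def extract_group_names(member_of: Optional[Union[str, Iterable[str]]],
                        pattern: str) -> List[str]:
    """Return the capture group ($1 in Perl terms) for every memberOf value that matches.

    memberOf is multi-valued in AD, so a list is the usual case; a bare string or an
    empty attribute (what the post's 'User attribute is a string:' log line suggests)
    is handled too. Perl's =~ searches anywhere in the string, so re.search is used.
    """
    if member_of is None:
        return []
    values = [member_of] if isinstance(member_of, str) else list(member_of)
    found: List[str] = []
    for dn in values:
        match = re.search(pattern, dn)
        if match:
            found.append(match.group(1))
    return found


# Constructed sample values, not taken from the post.
SAMPLE_MEMBER_OF = [
    "CN=vpnusers,OU=groups,DC=example,DC=org",
    "CN=VPN Users,OU=groups,DC=example,DC=org",    # space: \w* cannot cross it
    "CN=vpn-admins,OU=groups,DC=example,DC=org",   # hyphen: same problem
    "CN=Domain Users,CN=Users,DC=example,DC=org",  # not under OU=groups, never matches
]

if __name__ == "__main__":
    print("posted :", extract_group_names(SAMPLE_MEMBER_OF, POSTED_REGEX))
    print("relaxed:", extract_group_names(SAMPLE_MEMBER_OF, RELAXED_REGEX))
    print("empty  :", extract_group_names("", POSTED_REGEX))
```

With the posted pattern only the first sample DN yields a group name; an empty attribute, which is what the log appears to show, yields nothing regardless of the regex.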