xlat expand profile filter

remove search for PW_USER_PROFILE and expand default profile instead. If people really want the old functionality they can just set default = "%{control:User-Profile}".

diff --git a/src/modules/rlm_ldap/attrmap.c b/src/modules/rlm_ldap/attrmap.c
index bc0531b..66d5541 100644 (file)
--- a/src/modules/rlm_ldap/attrmap.c
+++ b/src/modules/rlm_ldap/attrmap.c
@@ -342,7 +342,12 @@ rlm_rcode_t rlm_ldap_map_profile(ldap_instance_t const *inst, REQUEST *request,
        if (!dn || !*dn) {
                return RLM_MODULE_OK;
        }
-       strlcpy(filter, inst->profile_filter, sizeof(filter));
+
+       if (radius_xlat(filter, sizeof(filter), request, inst->profile_filter, rlm_ldap_escape_func, NULL) < 0) {
+               REDEBUG("Failed creating profile filter");
+
+               return RLM_MODULE_INVALID;
+       }
 
        status = rlm_ldap_search(inst, request, pconn, dn, LDAP_SCOPE_BASE, filter, expanded->attrs, &result);
        switch (status) {

diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c
index 4023fa1..d650aec 100644 (file)
--- a/src/modules/rlm_ldap/rlm_ldap.c
+++ b/src/modules/rlm_ldap/rlm_ldap.c
@@ -980,9 +980,15 @@ skip_edir:
        /*
         *      Apply ONE user profile, or a default user profile.
         */
-       vp = pairfind(request->config_items, PW_USER_PROFILE, 0, TAG_ANY);
-       if (vp || inst->default_profile) {
-               char const *profile = vp ? vp->vp_strvalue : inst->default_profile;
+       if (inst->default_profile) {
+               char profile[1024];
+
+               if (radius_xlat(profile, sizeof(profile), request, inst->default_profile, NULL, NULL) < 0) {
+                       REDEBUG("Failed creating default profile string");
+
+                       rcode = RLM_MODULE_INVALID;
+                       goto finish;
+               }
 
                rlm_ldap_map_profile(inst, request, &conn, profile, &expanded);
        }