
LDAP Script Basics

To configure LDAP scripting, you add JavaScript instructions to the [Script] section of the ldapauth.aut file. You can perform these operations in your LDAP scripts:

  • Get, set, and reset values of variables stored in the LDAP variable table
  • Invoke LDAP queries defined in the [Search/name] sections of the ldapauth.aut file
  • Write diagnostic messages and script traces to the Steel-Belted Radius Carrier log
  • Evaluate arbitrary program logic coded in your script
  • Exit the script and return a result code string to the LDAP plug-in

When Steel-Belted Radius Carrier starts, it reads the text of the [Script] section from ldapauth.aut and passes it as a block to the JavaScript interpreter, which compiles it into bytecodes. The bytecodes are stored for execution during subsequent LDAP authentication requests. If syntax errors are detected in the JavaScript text, the script does not compile and the LDAP authentication plug-in is disabled. Any error messages generated during script compilation appear in the Steel-Belted Radius Carrier log file.

You can use the scriptcheck utility to check your LDAP scripts for syntax errors without having to start Steel-Belted Radius Carrier. For more information, see scriptcheck.
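A pre-deployment check for the failure mode described above, as an added example that is neither Juniper code nor the scriptcheck utility: it pulls the [Script] section out of ldapauth.aut text and compiles it under Node.js without executing it, so a syntax error is caught before it can disable the LDAP authentication plug-in. Assumptions: a section ends at the next line that consists only of a [Name] header, the sample file and its result string are constructed, and Node's parser may accept syntax that the product's interpreter rejects, so scriptcheck remains the authoritative check.

```javascript
// Added example. Assumption: a section runs from its [Name] header to the
// next line that consists only of a [Name] header.
function extractSection(autText, name) {
  const header = /^\s*\[([^\]]+)\]\s*$/;
  let body = null;
  for (const line of autText.split(/\r?\n/)) {
    const m = header.exec(line);
    if (m) {
      if (body !== null) break;          // the next header closes our section
      if (m[1] === name) body = [];      // start collecting after the header
    } else if (body !== null) {
      body.push(line);
    }
  }
  return body === null ? null : body.join("\n");
}

// Compile the script text without running it. new Function() parses the text
// as a function body, so a top-level `return` is accepted and nothing executes.
function checkLdapScript(autText) {
  const script = extractSection(autText, "Script");
  if (script === null) return { ok: false, reason: "no [Script] section" };
  try {
    new Function(script);
    return { ok: true, reason: "compiles" };
  } catch (e) {
    if (e instanceof SyntaxError) {
      return { ok: false, reason: "SyntaxError: " + e.message };
    }
    throw e;
  }
}

// Constructed sample file. Section names come from the page; the variable
// name, query name and result string are placeholders.
const GOOD_AUT = [
  "[Request]",
  "[Script]",
  'var name = LdapVariables.Get("User-Name");',
  'Ldap.Search("FindUser");',
  'SbrWriteToLog("FindUser done for " + name);',
  'return "PLACEHOLDER_RESULT";',
  "[Search/FindUser]",
].join("\n");

// Same file with the closing parenthesis of the Ldap.Search call dropped.
const BAD_AUT = GOOD_AUT.replace('Ldap.Search("FindUser");', 'Ldap.Search("FindUser";');

console.log(checkLdapScript(GOOD_AUT), checkLdapScript(BAD_AUT));
```

Running this in a change-review or CI step against the real file gives an early signal; the server log remains the place to confirm that the script compiled at startup.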

Working with the Variable Table

You configure the variable table for scripting the same way you do for unscripted configurations. Input RADIUS attributes that the script manipulates must be identified in the [Request] section of the ldapauth.aut file. Output RADIUS attributes that the script manipulates must be identified in the [Response] section of the ldapauth.aut file.

The LdapVariables object is available to your script for manipulating attributes in the variable table. The LdapVariables object exposes three methods that scripts can call:

  • LdapVariables.Get() retrieves the current value or values for a variable stored in the LDAP variable table.
  • LdapVariables.Add() creates a new variable or adds a value to an existing variable.
  • LdapVariables.Reset() deletes all of the values of the specified variable.

Invoking LDAP Queries

Any query defined in a [Search/name] section of ldapauth.aut can be invoked programmatically by an LDAP script. Use the Ldap.Search() method to invoke the query, giving the name of the query as the argument to the method.

As with unscripted searches, you can identify a set of LDAP attributes to be extracted from the LDAP response and placed in the variable table. You do this by creating an [Attributes/name] section in the ldapauth.aut file and specifying this section with the Attributes parameter in the query definition.

For more information about LDAP attributes, refer to the section on the LDAP Authentication File in the SBR Carrier Reference Guide.

Writing to the Steel-Belted Radius Carrier Log

Use the SbrWriteToLog() function to insert diagnostic or informational text strings into the Steel-Belted Radius Carrier log file. You can use the optional level argument to control the log level visibility of your message.

Use the SbrTrace() function to display trace information about your script in the Steel-Belted Radius Carrier log.

For more details about these functions, see Logging and Diagnostic Methods.

Modified: 2018-01-11