Script settings for the LDAP authentication plug-in are embedded directly in the ldapauth.aut file. Except where noted, this guide applies equally to both ldapauth.aut and .jsi file types. For information about configuring other LDAP authentication plug-in settings, see LDAP Authentication File in the SBR Carrier Reference Guide.
Each .jsi file can contain these sections:
The [Settings] section (Table 124) contains parameters that control logging and debugging of your script.
The LogLevel parameter sets the default level assigned to log messages produced by calls to the SbrWriteToLog() and SbrTrace() API functions. To determine if the message appears in the log, Steel-Belted Radius Carrier compares the message log level to the server log level (configured by the LogLevel parameter in radius.ini). If the server log level is greater than or equal to the message log level, the message is written to the Steel-Belted Radius Carrier log. If the server log level is less than the message log level, the message is not written to the Steel-Belted Radius Carrier log.
You can override the script file LogLevel parameter when calling SbrWriteToLog() and SbrTrace() using the optional LogLevel function argument. For more details, see SbrWriteToLog() and SbrTrace and ScriptTraceLevel.
The MaxScriptSteps parameter limits the number of branch callbacks that a script can perform in a single invocation. A branch callback is a backwards branch in the script code (for example, what occurs in a for loop), or a return from a function call. If the limit is reached, the script is automatically terminated with a runtime exception.
Table 124: [Settings] Section Parameters
LogLevel: Specifies the default log level at which messages are produced by calls to SbrWriteToLog() and SbrTrace(). The value must be less than or equal to the LogLevel value in the radius.ini file for messages to appear. The parameter can be overridden by supplying a LogLevel argument in the function calls.
Default value is 0.
ScriptTraceLevel: Controls the generation of line-by-line script trace information in the log.
At Level 0, no traces are logged.
At Level 1, traces are logged only when the SbrTrace() function is executed by the script.
At Level 2, a trace is generated for every line executed by the script.
Default value is 0.
MaxScriptSteps: Limits the number of branch callbacks that can be executed during a single script invocation. If the limit is reached, the script automatically terminates with a runtime exception.
Default value is 10000.
The [Script] section contains the body of your script. Unlike other configuration file sections, where parameters appear on individual lines, the script is entered as multi-line blocks of text. The script is processed until a line is encountered that begins with a left bracket (“[”) or the end of the file is reached.
This example shows a simple [Script] section containing code that writes a message to the server log.
The [ScriptTrace] section (Table 125) is optional. You can use the [ScriptTrace] section to select specific data values to print in the script trace logs. If you enable script tracing but do not specify any parameters in the [ScriptTrace] section, the trace frames contain statement and line number information but no script data values.
Each line in the [ScriptTrace] section specifies a type string and an argument. The type string selects the type of data value to be traced and the argument specifies its name.
These types are supported:
var—The argument is the name of a local or global script variable.
attr—The argument is the name of an LDAP variable table entry (ldapauth.aut only).
Table 125: [ScriptTrace] Section Parameters
attr: Declares the name of an LDAP variable table entry that appears in script trace logs (ldapauth.aut only).
[ScriptTrace]
var = count
var = userid
attr = User-Name (ldapauth.aut only)
attr = Service-Type (ldapauth.aut only)
The [Failure] section is optional. It specifies a string value that is ultimately returned by a script if the script first returns SCRIPT_RET_FAILURE.
For LDAP authentication scripts, the value of the [Failure] section has a more complex interpretation. For details about the [Failure] section of the ldapauth.aut file, see LDAP Authentication File in the SBR Carrier Reference Guide.
For realm selection scripts, the value of the [Failure] section specifies the name of the realm to be returned if the script execution fails.
For attribute filter scripts, the value of the [Failure] section specifies the name of a static attribute filter to execute if the script execution fails.
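The section rules above (a [Script] body that runs until the next line beginning with "[", the [Settings] defaults, the log-level comparison, and the [ScriptTrace] types) can be checked mechanically before a script is deployed. The following JavaScript is an added example, not vendor code: parseJsi, isLogged, lint and the sample file content are hypothetical names and constructed input, and it assumes that only the four sections described on this page appear in a .jsi file.

```javascript
// Added example, not vendor code. Defaults and section names are the ones
// described on this page; SAMPLE is constructed input.
const DEFAULTS = { LogLevel: 0, ScriptTraceLevel: 0, MaxScriptSteps: 10000 };
const KNOWN = ["Settings", "Script", "ScriptTrace", "Failure"]; // assumption: no others

function parseJsi(text) {
  const cfg = { settings: { ...DEFAULTS }, script: [], trace: [], unknown: [] };
  let section = null;
  for (const line of text.split(/\r?\n/)) {
    if (line.startsWith("[")) {          // any such line also terminates [Script]
      section = line.trim().replace(/^\[|\].*$/g, "");
      if (!KNOWN.includes(section)) cfg.unknown.push(line);
      continue;
    }
    if (section === "Script") { cfg.script.push(line); continue; }
    const m = line.match(/^\s*(\w+)\s*=\s*(.*?)\s*$/);
    if (!m) continue;
    if (section === "Settings") cfg.settings[m[1]] = Number(m[2]);
    if (section === "ScriptTrace") cfg.trace.push({ type: m[1], name: m[2] });
  }
  return cfg;
}

// A message is written when the server level (radius.ini) is greater than or
// equal to the message level; a per-call LogLevel overrides the file default.
function isLogged(serverLevel, cfg, override) {
  return serverLevel >= (override ?? cfg.settings.LogLevel);
}

function lint(cfg, serverLevel, isLdapAuth = false) {
  const found = [];
  for (const l of cfg.unknown) found.push(`"${l}" begins with "[" and ended [Script]`);
  if (!isLogged(serverLevel, cfg)) found.push("default LogLevel exceeds server LogLevel");
  if (cfg.settings.ScriptTraceLevel === 2) found.push("every script line is traced");
  for (const t of cfg.trace) {
    if (t.type !== "var" && t.type !== "attr") found.push(`unknown trace type ${t.type}`);
    if (t.type === "attr" && !isLdapAuth) found.push(`attr ${t.name} is ldapauth.aut only`);
  }
  return found;
}

const SAMPLE = [                         // constructed .jsi content
  "[Settings]", "LogLevel = 2", "ScriptTraceLevel = 2",
  "[Script]", "var count = 0;", "SbrWriteToLog(\"count reset\");",
  "[1, 2].forEach(function (n) { count += n; });",
  "[ScriptTrace]", "var = count", "attr = User-Name",
].join("\n");
console.log(lint(parseJsi(SAMPLE), 1));
```

The third script line in the sample starts with "[", so the parser treats it as a section header and the script body stops after two lines, which is the behavior the [Script] rule implies for any statement written that way.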