group IDs from ConfD and external authentication

[stevenics]

We are using ConfD with external authentication through RADIUS, as described in chapter 14.4.4 of the ConfD manual.  ConfD is passing the username and password to our external program as described in the manual.  The external program (RADIUS client) authenticates the user and outputs "accept admin" for ConfD.  All working as expected to this point.

When locally authenticating we get the group information for the user from ConfD.  When externally authenticating we also want to get the group information from ConfD but we can't locate it.  The manual says that the group information returned from the external program is prepended with the local group information.  We would like to access this information through ConfD, but can't find it.  Does ConfD store the group information provided by the exe?  If yes, where is it stored and what would be the best way to access it?

Do we have to get the information directly from the external program in parallel with ConfD getting it?

Help would be be appreciated.  Thanks

[chriss]

Hi Steve,

You can get the group info from ConfD. In what context do you with to access it? I can think of at least three use-cases:

1. When the user authenticates (with the external AAA server) you can subscribe to an authentication callback in ConfD and extract the group info as an array of group strings

from the struct confd_auth_ctx *actx passed in the callback

2. In a transaction or other kind of callback, you can get a struct uinfo which contains group info

3. In any maapi session, you can get user session info using maapi_get_authorization_info()

Hope this helps!

- chris

[stevenics]

Thanks for the reply Chris.  It's obvious that you know ConfD quite well and I now realize that I didn't give you enough information.

We are using Maapi java script interfaces provided by Tail-f.

For example, we are using Maapi.getCfg('user',function(result) to get the username.  This is returning the expected username.

We are trying to get the external group information or the external with prepended local group information, from ConfD using a Maapi command through java script.

We tried this maapi command

Maapi.getElem(this.readHandle,'/aaa:aaa/authentication/users/user{\"'+ this.user + '\"}/GroupName',function(result_{

but this returns the local group information if it exists or an error if no local group information exists.

Is there a java script maapi command that can return this information?  Something like Mappi.getSession.....

Thanks again

[chriss]

Hi Steve, 

I have to confess I don't use the JavaScript interface at all - strictly the C interfaces. But I was under the impression that there is a corresponding js way to do everything you can do in c. So I'd look at the equivalents of maapi_get_user_sessions(), maapi_get_user_session() and maapi_get_authorization_info(). Between those you should be able to get what you need. Perhaps a js wizard can answer this better.

- chris