This chapter explains how to transform string type attribute values using the mod_transform module. All request types are accepted by the mod_transform module.
Important:
Only attributes of RADIUS type string can be transformed. Transformation of other attribute types is not supported.It is sometimes useful to perform operations on a RADIUS packet without having to write a custom module. For example, you may wish to strip out leading or trailing characters, add the domain name to a user name, or copy an attribute value from one attribute to another.
Use the mod_transform module to perform these types of transformations. Multiple transformations can be performed on one or more attributes in the packet. When a transformation is completed, the packet along with the transformed attributes are passed to the next module worker class in the chain.
No global configuration options are supported for this module. Use the $MODULES section of the RADIUS configuration file (BRM_home/apps/radius/config, where BRM_home is the directory in which BRM components are installed) for all module specific configurations. The mandatory type element for this module is mod_transform.
Use the check element to match attribute-value pairs in a request:
If the attribute-value pair in the request matches the criteria set in the check element, the request is processed.
If any attribute in the check element is not matched in the request, the check fails. After the check fails, the request is passed on to the next module worker class in the chain.
The send element does not apply to this module.
In the transform block, define the list of transform operations to be performed on an attribute. Transformations are carried out in the order specified. Use the transform element to define a module specific transformation.Within a transform block, the operations are carried out in the order specified. The syntax is:
Attribute_name = transform_function
These transformation functions are supported.
Search and replace.
Syntax: Replace/target_string/replace_string/
Change case.
Syntax: ChangeCaseUpper | ChangeCaseLower
Strip leading space.
Syntax: StripLeading
Strip trailing space.
Syntax: StripTrailing
Add an attribute.
Syntax: add
Copy an attribute.
Syntax: copy
Note:
Syntax for these transformation functions is case sensitive.Example:
This example shows the syntax for each transformation function as it appears in the configuration file. The next example shows the results.
transform1 {
type = mod_transform
transform {
User-Name = StripLeading
}
}
transform2 {
type = mod_transform
transform {
User-Name = StripTrailing
}
}
transform3 {
type = mod_transform
transform {
User-Name = ChangeCaseUpper
}
}
transform4 {
type = mod_transform
transform {
User-Name = ChangeCaseLower
}
}
transform5 {
type = mod_transform
transform {
User-Name = Replace/$/@portal.com/
}
}
transform6 {
type = mod_transform
transform {
User-Name = Replace/^/user_/
}
}
transform7 {
type = mod_transform
transform {
User-Name = Replace/example//
}
}
transform8 {
type = mod_transform
add {
Class = "MyClass"
}
}
transform9 {
type = mod_transform
copy {
Reply-Message = Class
}
}
Results:
THREAD: [1] got request: User-Name = " bbexample " [transform1]: Resulting packet after transform: User-Name = bbexample [transform2]: Resulting packet after transform: User-Name = bbexample [transform3]: Resulting packet after transform: User-Name = bbexample [transform4]: Resulting packet after transform: User-Name = bbexample [transform5]: Resulting packet after transform: User-Name = bbexample@portal.com [transform6]: Resulting packet after transform: User-Name = user_bbexample@portal.com [transform7]: Resulting packet after transform: User-Name = user_bb@portal.com [transform8]: Resulting packet after transform: User-Name = user_bb@portal.com Class = MyClass [transform9]: Resulting packet after transform: User-Name = user_bb@portal.com Class = MyClass Reply-Message = MyClass
Use the add element to append an attribute value to the incoming request. The syntax is:
Attribute_name = attribute_value
Use the copy element to copy the value of attribute_2 to attribute_1.
If the attribute_2 doesn't exist in the packet, the operation is not performed.
If attribute_1 is not present, an attribute with the value of attribute_2 is created and appended to the packet, else the value of attribute_1 is changed.
The syntax is:
attribute_1 = attribute_2
This example shows how the user name attribute is transformed by stripping out the domain name, appending isp.com, and prepending the "user" to the user name. A new attribute, the calling station id, is then added and copied to the user name attribute.
Example:
# mod_transform to strip leading and trailing space, change to uppercase
# From the User-Name attribute, removes domain "domain.com", appends isp.com and prepends "user" to username .
# from all packets from 164.123.10.1
mod_transform {
check {
Pseudo-Request-Source = 164.123.10.1
User-Name = "*@domain.com"
}
add {
Calling-Station-Id = "408-111-2222"
}
copy {
User-Name = Calling-Station-Id
}
transform {
User-Name = StripLeading
User-Name = StripTrailing
User-Name = ChangeCaseUpper
User-Name = Replace/"@domain.com"//
User-Name = Replace/^/"user_"//
User-Name = Replace/$/"@isp.com"//
}
}