Class attribute length limitation
Description of problem:
We have a problem which have become already a real pain. We are using freeradius and it returns groups as a list (same attributes with different group name values), we can transform this list to a semicolon-separated string required by OC but in this case we have a problem when a user has a lot of groups or group names are quite long and as a result the Class attribute becomes too long and exceeds length: 255. The best solution for us would be the ability to read groups (Class) as a list of AVP:
Class Attribute (25), length: 14, Value: test1
Class Attribute (25), length: 25, Value: test1234543
Class Attribute (25), length: 8, Value: group1
Class Attribute (25), length: 28, Value: group23453
Version of ocserv used:
ocserv-1.1.3
Client used:
any client
Distributor of ocserv
CentOS Stream
How reproducible:
To reproduce the issue simply send the Class attribute as a string exceeding 254 bytes/symbols
Actual results:
The Class attribute is truncated and some groups cannot be checked
Expected results:
We would like to be able to authenticate users having multiple groups that in total length exceeds 254 characters. Can any workaround be used?