infrastructure/machines/nixos/vault01/k-radius/packages/02-request-dgsi-vlan.patch

diff --git a/kanidm/radius/__init__.py b/kanidm/radius/__init__.py
index b44a6ff50..60c7efe7c 100644
--- a/kanidm/radius/__init__.py
+++ b/kanidm/radius/__init__.py
@@ -1,12 +1,14 @@
 """ kanidm RADIUS module """
 import asyncio
 from aiohttp.client_exceptions import ClientConnectorError
+import base64
 from functools import reduce
 import json
 import logging
 import os
 from pathlib import Path
 import sys
+import requests
 from typing import Any, Dict, Optional, Union
 
 from kanidm.exceptions import NoMatchingEntries
@@ -146,13 +148,14 @@ def authorize(
         logging.info("User %s doesn't have a group from the required list.", name)
         return radiusd.RLM_MODULE_REJECT
 
-    # look up them in config for group vlan if possible.
-    # TODO: work out the typing on this, WTF.
-    uservlan: int = reduce(
-        check_vlan,
-        tok.groups,
-        kanidm_client.config.radius_default_vlan,
-    )
+    dgsi_info = requests.get(kanidm_client.config.dgsi_endpoint + "/" + name, headers={
+            "Authorization": "Basic " + kanidm_client.config.dgsi_token
+        })
+    if dgsi_info.status != 200:
+        logging.error("dgsi: error getting vlan of %s : %s.", name, dgsi_info.status)
+        return radiusd.RLM_MODULE_FAIL
+    else:
+        uservlan: int = int(dgsi_info.text)
     if uservlan == int(0):
         logging.info("Invalid uservlan of 0")
 
-- 
2.48.1