RE: exec-program dependent on ldap attribute values
"Tariq Rashid" <tariq.rashid@uk.easynet.net> wrote:
> I would like however for the script to be called only when an LDAP attribute has a certain values. Is this possible? The user's LDAP profile has already been searched for the user's password in the initial auth request, and possibly in the acct request.
>
> something like the following does not work:
>
> DEFAULT Acct-Status-Type == Start, Account-Status == "inactive"
> Exec-Program = "/etc/freeradius/scripts/acct_start.py %{User-Name}"
>
> where Account-Status is mapped to the LDAP attribute in the ldap-attrmap file.
Probably because Account-Status is a check item, and not in the
request. It will have to go into the request for it to be compared in
the acct_users file.
Alan DeKok.
---------------
so must it be added to the request artificially before the comparision happens? i'm not sure what the recommended what to achieve this is...
tariq
This archive was generated by a fusion of
Pipermail (Mailman edition) and
MHonArc.