Re: MAC authorisation (but not authentication) via LDAP



Quoting Martin Whinnery <martin.whinnery@sbc.ac.uk>:
Thanks Markus,

the problem seems to be that the authorisation pass returns "notfound",
whereas I want it to "reject", as if it found an entry in LDAP without
the appropriate attribute.

Mart

Hi Mart,

Ugh, you are of course right, I forgot one important detail, sorry! (It has been quite a time since I set this up and it is getting quite late in the night now ...) Directly after the ldap entry in authorize I call a small Perl script which checks for "$RAD_REQUEST{'Module-Failure-Message'}", and if it is set then returns with "RLM_MODULE_REJECT", so 'notfound' is replaced by 'reject'.

I must admit that this actually is a very dirty solution ... I should really rethink it (although it works ...)

regards
   markus


+-----------------------------------------------------------------+
| Markus Krause, Mogli-Soft                                       |
| Support for Mac OS X, Webmail/Horde, LDAP, RADIUS               |
| by order of the                                                 |
|    Computing Center of the Max-Planck-Institute of Biochemistry |
+--------------------------------+--------------------------------+
| E-Mail: krause@biochem.mpg.de  |  Tel.: 089 - 89 40 85 99       |
|         markus.krause@mac.com  |  Fax.: 089 - 89 40 85 98       |
|  Skype: markus.krause          | iChat: markus.krause@mac.com   |
+--------------------------------+--------------------------------+
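
The check described in this message could look like the following rlm_perl script. This is an added example, not Markus's own script: the return-code and log-level values are those listed in the example.pl shipped with FreeRADIUS, and the use of Calling-Station-Id as the MAC address, the Reply-Message text and the `--selftest` switch are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: rlm_perl hook, called after "ldap" in authorize, that turns
# a failed lookup (Module-Failure-Message present) into a reject.
use strict;
use warnings;

our (%RAD_REQUEST, %RAD_REPLY, %RAD_CHECK);   # populated by rlm_perl per request

use constant {
    RLM_MODULE_REJECT => 0,   # reject the request immediately
    RLM_MODULE_NOOP   => 7,   # nothing done, let authorize continue
    L_INFO            => 3,   # radlog level
};

# rlm_perl passes multi-valued attributes as array references; flatten them.
sub failure_messages {
    my $v = $RAD_REQUEST{'Module-Failure-Message'};
    return () unless defined $v;
    return grep { defined($_) && length($_) } (ref $v eq 'ARRAY' ? @$v : $v);
}

# Log through the server when embedded, to STDERR when run by hand.
sub log_info {
    my ($msg) = @_;
    $msg =~ s/[^\x20-\x7e]/?/g;   # request attributes are client-supplied
    if (defined &radiusd::radlog) { radiusd::radlog(L_INFO, $msg) }
    else                          { print STDERR "$msg\n" }
}

sub authorize {
    my @msgs = failure_messages();
    return RLM_MODULE_NOOP unless @msgs;
    # Assumption: the NAS sends the client MAC in Calling-Station-Id.
    my $mac = $RAD_REQUEST{'Calling-Station-Id'} // 'unknown';
    log_info("rejecting $mac: " . join('; ', @msgs));
    $RAD_REPLY{'Reply-Message'} = 'MAC address not authorised';
    return RLM_MODULE_REJECT;
}

# Offline check with constructed request data: perl script.pl --selftest
if (@ARGV && $ARGV[0] eq '--selftest') {
    %RAD_REQUEST = ('Calling-Station-Id' => '00-11-22-33-44-55');
    die "expected noop\n"   unless authorize() == RLM_MODULE_NOOP;
    $RAD_REQUEST{'Module-Failure-Message'} = 'constructed failure text';
    die "expected reject\n" unless authorize() == RLM_MODULE_REJECT;
    print "selftest ok\n";
}
1;
```

Because the script rejects on any Module-Failure-Message, a message left by a module that ran earlier in authorize also causes a reject, so the failure mode is closed rather than open.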


