Configuring LDAP for query ONLY...

Alan DeKok aland at deployingradius.com
Fri Jan 4 18:24:30 CET 2008


Eric Martell wrote:
>   I am trying to do ldap query lookup in the authorize
> section and after successful authorization ( if ldap
> entry exists on search query) ....reply with
> Access-Accept if not reject.

  So... you're not authenticating anyone?

> I do not want to do authentication in LDAP as we are
> not storing "userPassword" attribute in ldap schema.

  How will users be authenticated?

> So in a way trying to do..
> 
> if(ldap search success) {
>   Access-Accept
> } else {
>   Access-Reject
> }

  Try this:

 authorize {
	...
	ldap {
		notfound = reject
	}
	files
 }

  And have the "users" file:

DEFAULT  Auth-Type := Accept

  Of course, in 2.0, you can use "unlang" to write a rule that looks
pretty much like your pseudo-code above.

  Alan DeKok.
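
The "unlang" form mentioned in the reply, written out as an added example (not part of the original post). It assumes FreeRADIUS 2.x and an "ldap" module instance that is already configured for searching:

```text
authorize {
	# Run the LDAP search. The module returns "notfound"
	# when no entry matches the user in the request.
	ldap

	# Test the return code of the module that just ran.
	if (notfound) {
		reject
	}

	# An entry exists. Auth-Type Accept means the server checks
	# no password or other credential: the LDAP search result is
	# the only thing deciding between Access-Accept and Access-Reject.
	update control {
		Auth-Type := Accept
	}
}
```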


