Users-file and LDAP backend mixing questions

Куприянов Максим max2k1 at
Mon Jan 19 13:21:17 CET 2009

> Куприянов Максим wrote:
> > I'm using FreeRadius 2.1.3 with LDAP (eDirectory) and plain-text (users file) backends and I don't know how to solve a couple of problems :(
>  How do you tell the users apart?
> > 1. Is possible to mix users with same names, but different passwords from LDAP and from users file? There are some old time users in my org, who don't belong to eDirectory tree and there are users in eDirectory with same names that should not be treated like old-time ones.
>  Maybe.

I guess, I've found some kind of solution:
ATTRIBUTE       Local-Skip-LDAP       3101    integer
ATTRIBUTE       Local-LDAP-User       3102    integer
VALUE           Local-Skip-LDAP       true    1
VALUE           Local-Skip-LDAP       false   0
VALUE           Local-LDAP-User       true    1
VALUE           Local-LDAP-User       false   0

old_user User-Password == "testing", Cleartext-Password := "testing"
         Local-Skip-LDAP = true

authorize {
if (!reply:Local-Skip-LDAP) {
     if (ok) {
          update request {
              Local-LDAP-User := true

The only problem i've got, that instead of using users file to specify default attributes for those none-LDAP user, I should use post-auth section of "default" site with (!request:Local-LDAP-User) and vice-versa condition.

So, many thanks to Alan for "man unlang" hint :)

But one problem still remain - i still don't understand how to check, that LDAP-user does not belong to any group. Any ideas?


More information about the Freeradius-Users mailing list