ldap filter from an external file
aland at deployingradius.com
Thu Jan 18 15:44:11 CET 2018
On Jan 18, 2018, at 9:39 AM, Nicolas Reich <nicolas.reich at switch.ch> wrote:
> I want to accept or deny a request depending, among other things, on the
> value of one ldap attribute. There are several possible values that
> should be accepted, and the rest should be refused. This list is quite
> long, and might change; so I'd prefer not to have to change it manually
> in the freeradius configuration. Is this possible? Either configure
> freeradius to read the list and generate the filter, or just read the
> filter from a file?
See "man rlm_passwd".
You can create a CSV file, and put all of the "known good" values in it. Then, get the value from LDAP, followed by looking up that value in the "passwd" module. If it's there, allow the user. If not, reject them.
More information about the Freeradius-Users