On Jan 18, 2018, at 9:39 AM, Nicolas Reich <nicolas.reich@switch.ch> wrote:
I want to accept or deny a request depending, among other things, on the value of one ldap attribute. There are several possible values that should be accepted, and the rest should be refused. This list is quite long, and might change; so I'd prefer not to have to change it manually in the freeradius configuration. Is this possible? Either configure freeradius to read the list and generate the filter, or just read the filter from a file?
See "man rlm_passwd". You can create a CSV file, and put all of the "known good" values in it. Then, get the value from LDAP, followed by looking up that value in the "passwd" module. If it's there, allow the user. If not, reject them. Alan DeKok.