Thato Molise wrote:
How do I tell freeRADIUS to use LDAP expiration in my Configuration files. That's Exactly what to tell the server to do... Please help...
There is no built-in way, because this is not a standardised config. What format does the ldap expiration attribute have? There's an "rlm_expiration" in CVS (and possibly >1.1.0) versions of the server. If your expiration attribute is a unix timestamp (seconds since 1970) you could simply do this in ldap.attrmap: checkItem Expiration myLdapExpiryAttribute ...alternatively you could use rlm_exec to do it - for example if you have: dn: cn=username,blah objectClass: inetOrgPerson expiryDate: Wed 12 Jul 2006 ...then in ldap.attrmap do this: checkItem Expiration expiryDate ...and in radiusd.conf: modules { exec expiry { wait = yes program = "/path/to/expiry.sh" input_pairs = config output_pairs = reply } } authorize { preprocess ldap expiry # maybe other stuff } ...and make "expiry.sh" be this: #!/bin/sh EXPIRY_IN_LDAP=`date -d "$EXPIRATION" +%s` NOW=`date +%s` if [ $EXPIRY -lt $NOW ] then echo "Auth-Type := Reject" echo "Reply-Message = \"Your account has expires\"" fi This is untested, but I don't see why it shouldn't work.