I don't think that what I'm trying to do is complex at all. I shouldn't need any additional ldap changes, all the information needed is already present. I may consider the vhosts at some point if this gets any further complications. If anything just to "help" safe guard from configuration mistakes. Thanks, Dan On Mon, Jul 27, 2015 at 4:08 AM, <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
Ah ok, I tried authenticate with no luck. Now I'm using authorize, but still having the same issue. It looks like the ldap module is authorizing the request, so even now I am still too late in the pipeline.
you're making this more complex..... just check if the Connect-Info is there and what value is it...and if its there then send the request to a new virtual server based on the value it is. this completely seperates the policy requirements for authentication. one virtual-server deals with admin logins (very easy), the other deals with user logins (very easy). instead, you are trying to put all requirements into a single virtual-server which will need all sorts of extra LDAP checks and changes (not so easy).
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html