17 Aug
2010
17 Aug
'10
7:23 a.m.
Aqdas Muneer wrote:
thank you for the quick response. the reason i created the admin account was for use during ldap outages and you are correct that this account does not exist in ldap. what would be a better way to go about accomplishing this. i want the admin account to be only available during times when the ldap module returns 'fail'?
Put this into the "authorize" section: authorize { ... ldap { fail = 1 } if (fail) { do things } ... } The "do things" text should be replaced by your actual policies. i.e. check for "admin" account, update password, etc. See "man unlang" for details. Alan DeKok.