Justin Steward wrote:
I want to return some radius reply attributes from an SQL database, check the user's password against an openLDAP server
As I said... LDAP isn't an authentication protocol.
(maybe a Windows Server running AD at some point in the future), and if possible fall back against a password stored in a MySQL database. (Though this password may not always be entirely up to date, so it's only for if the user either doesn't exist in the directory or the LDAP server is temporarily unavailable)
Why not let FreeRADIUS do authentication, as I suggested? Have the LDAP module pull the password from LDAP. Then, do MySQL. authorize { ... ldap if (notfound | fail) { sql } ... } That does *exactly* what you suggested above. But the last time I suggested that solution, you said you *also* wanted to get reply attributes from MySQL... apparently, even for the users that were found in LDAP. So which is it? Alan DeKok.