exec-program dependent on ldap attribute values
Alan DeKok
aland at nitros9.org
Thu Jun 29 22:10:16 CEST 2006
"Tariq Rashid" <tariq.rashid at uk.easynet.net> wrote:
> I would like however for the script to be called only when an LDAP attribute has a certain values. Is this possible? The user's LDAP profile has already been searched for the user's password in the initial auth request, and possibly in the acct request.
>
> something like the following does not work:
>
> DEFAULT Acct-Status-Type == Start, Account-Status == "inactive"
> Exec-Program = "/etc/freeradius/scripts/acct_start.py %{User-Name}"
>
> where Account-Status is mapped to the LDAP attribute in the ldap-attrmap file.
Probably because Account-Status is a check item, and not in the
request. It will have to go into the request for it to be compared in
the acct_users file.
Alan DeKok.
More information about the Freeradius-Users
mailing list