exec-program dependent on ldap attribute values

Alan DeKok aland at nitros9.org
Thu Jun 29 22:10:16 CEST 2006


"Tariq Rashid" <tariq.rashid at uk.easynet.net> wrote:
> I would like however for the script to be called only when an LDAP attribute has a certain values. Is this possible? The user's LDAP profile has already been searched for the user's password in the initial auth request, and possibly in the acct request.
> 
> something like the following does not work:
> 
> DEFAULT Acct-Status-Type == Start, Account-Status == "inactive"
>         Exec-Program = "/etc/freeradius/scripts/acct_start.py %{User-Name}" 
> 
> where Account-Status is mapped to the LDAP attribute in the ldap-attrmap file. 

  Probably because Account-Status is a check item, and not in the
request.  It will have to go into the request for it to be compared in
the acct_users file.

  Alan DeKok.



More information about the Freeradius-Users mailing list