exec-program dependent on ldap attribute values

Tariq Rashid tariq.rashid at uk.easynet.net
Fri Jun 30 14:01:00 CEST 2006



"Tariq Rashid" <tariq.rashid at uk.easynet.net> wrote:
> I would like however for the script to be called only when an LDAP attribute has a certain values. Is this possible? The user's LDAP profile has already been searched for the user's password in the initial auth request, and possibly in the acct request.
> 
> something like the following does not work:
> 
> DEFAULT Acct-Status-Type == Start, Account-Status == "inactive"
>         Exec-Program = "/etc/freeradius/scripts/acct_start.py %{User-Name}" 
> 
> where Account-Status is mapped to the LDAP attribute in the ldap-attrmap file. 

  Probably because Account-Status is a check item, and not in the
request.  It will have to go into the request for it to be compared in
the acct_users file.

  Alan DeKok.
---------------

so must it be added to the request artificially before the comparision happens? i'm not sure what the recommended what to achieve this is...

tariq




More information about the Freeradius-Users mailing list