Configuring LDAP for query ONLY...
Alan DeKok
aland at deployingradius.com
Fri Jan 4 18:24:30 CET 2008
Eric Martell wrote:
> I am trying to do ldap query lookup in the authorize
> section and after successful authorization (if ldap
> entry exists on search query) ... reply with
> Access-Accept if not reject.
So... you're not authenticating anyone?
> I do not want to do authentication in LDAP as we are
> not storing "userPassword" attribute in ldap schema.
How will users be authenticated?
> So in a way trying to do..
>
> if(ldap search success) {
>     Access-Accept
> } else {
>     Access-Reject
> }
Try this:
    authorize {
        ...
        ldap {
            notfound = reject
        }
        files
    }
And have the "users" file:
    DEFAULT Auth-Type := Accept
Of course, in 2.0, you can use "unlang" to write a rule that looks
pretty much like your pseudo-code above.
Alan DeKok.
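
The unlang rule mentioned above could be written as follows for FreeRADIUS 2.0. This is an added example, not configuration from the original post; it assumes the LDAP module instance is named "ldap" and that an "always" module instance named "reject" is defined.

```text
# Added example: unlang form of the pseudo-code in the question.
# Assumptions: the LDAP module instance is named "ldap", and an
# "always" module instance named "reject" (rcode = reject) exists.
authorize {
    ldap
    if (notfound) {
        # No matching LDAP entry: the request gets Access-Reject.
        reject
    }
    else {
        # Entry found: accept on the lookup alone. No password or
        # other credential is verified anywhere in this policy.
        update control {
            Auth-Type := Accept
        }
    }
}
```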