freeradius2 with EAP-TLS and LDAP authorization

[Alan DeKok]

Edgar Fuß wrote:
> I don't understand. rlm_eap's check_cert_cn must be able to extract the CN from the user certificate in order to check it against User-Name (or whatever).

  Yes...

> Or at least, with check_cert_cn = %{User-Name}, you can substitute User-Name for an extracted CN for whatever additional lookup you need.

  Yes.

> Or am I getting it wrong?

  No.  But there's no code to extract other fields from the cert.

  Alan DeKok.