freeradius2 with EAP-TLS and LDAP authorization
Alan DeKok
aland at deployingradius.com
Sun Jul 4 09:00:36 CEST 2010
Riccardo Veraldi wrote:
> First I need to extract the CN field (which can be done and I already
> did
You can't *extract* the CN field. You can *compare* the CN field to
another value, as shown in the eap.conf file.
> and I can set up
> a list of allowed CN in the users file), and after I need to do an LDAP
> query to check for authorization.
> How can I do the following in this exact order?
You edit the config files so that the "ldap" module is run after the
"users" file.
> LDAP authorization is tried first then comes authentication or am I wrong?
Yes.
> What I'd need is to extract the CN and check it against LDAP attributes...
> How might I do it?
You can't. To do that, you will need to edit the source code to add
that feature.
Alan DeKok.