LDAP (POSIX attributes) password expiry SOLVED
up at 3.am
Tue Mar 6 16:26:59 CET 2012
> On Tue, Mar 6, 2012 at 9:20 PM, <up at 3.am> wrote:
>> ++? if (control:Shadow-Current > control:Shadow-Expires)
>> Failed parsing "control:Shadow-Expires": Unknown value control:Shadow-Expires for attribute Shadow-Current
>
> Try
>
> if (control:Shadow-Current > "%{control:Shadow-Expires}")
>
That did it! Thank you Fajar, Phil and Alan! It never ceases to amaze me the
things that can be done with FreeRADIUS that would have been unthinkable with
Cistron or Livingston. For anyone else interested, I'll paste the final
modifications here (unwrap lines, of course):
raddb/sites-available/<servername>:
update control {
    Shadow-Expires := "%{expr:%{control:Shadow-Last-Change} + %{control:Shadow-Max-Age}}"
    Shadow-Current := "%{expr:%l / 86400}"
}
if (control:Shadow-Current > "%{control:Shadow-Expires}") {
    reject
}
--------------
raddb/dictionary:
ATTRIBUTE Shadow-Max-Age 3000 integer
ATTRIBUTE Shadow-Last-Change 3001 integer
ATTRIBUTE Shadow-Expires 3002 integer
ATTRIBUTE Shadow-Current 3003 integer
--------------
raddb/ldap.attrmap:
checkItem Shadow-Max-Age shadowMax
checkItem Shadow-Last-Change shadowLastChange
---------------
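The day arithmetic behind the rule above, as an added example that is not part of the original post: a Python model of the comparison for checking LDAP entries offline before relying on the policy. The handling of empty, negative and zero values follows shadow(5) conventions and is an assumption, not behaviour of the posted configuration; the entries and the timestamp are constructed.

```python
SECONDS_PER_DAY = 86400

def days_since_epoch(epoch_seconds):
    """Same integer division as Shadow-Current := %{expr:%l / 86400}."""
    return int(epoch_seconds) // SECONDS_PER_DAY

def check_entry(entry, now_epoch):
    """Return (reject, reason) for one LDAP entry given as a dict of strings."""
    last = entry.get("shadowLastChange", "")
    max_age = entry.get("shadowMax", "")
    # Assumption (shadow(5) convention): an empty field disables aging.
    if last == "" or max_age == "":
        return (False, "aging not configured")
    last, max_age = int(last), int(max_age)
    # Assumption: a negative shadowMax means "no maximum age".
    if max_age < 0:
        return (False, "no maximum age")
    # Assumption (shadow(5)): shadowLastChange 0 forces a password change.
    if last == 0:
        return (True, "change required")
    expires = last + max_age               # Shadow-Expires
    current = days_since_epoch(now_epoch)  # Shadow-Current
    if current > expires:                  # strict, as in the posted rule
        return (True, "expired %d day(s) ago" % (current - expires))
    return (False, "valid for %d more day(s)" % (expires - current))

# Constructed sample data: NOW falls on day 15405 since the epoch.
NOW = 1331047619
ENTRIES = {
    "alice": {"shadowLastChange": "15300", "shadowMax": "90"},
    "bob":   {"shadowLastChange": "15315", "shadowMax": "90"},
    "carol": {"shadowLastChange": "15300"},
    "dave":  {"shadowLastChange": "15300", "shadowMax": "-1"},
    "erin":  {"shadowLastChange": "0", "shadowMax": "90"},
}

def audit(entries, now_epoch):
    """Map each user name to its (reject, reason) verdict."""
    return {user: check_entry(e, now_epoch) for user, e in entries.items()}

if __name__ == "__main__":
    for user, (reject, reason) in sorted(audit(ENTRIES, NOW).items()):
        print("%-6s %-6s %s" % (user, "REJECT" if reject else "ok", reason))
```

The "bob" entry shows the boundary: because the comparison is a strict greater-than, a password is still accepted on the day Shadow-Current equals Shadow-Expires and is rejected from the following day.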