LDAP authorization

Olivier Beytrison olivier at heliosnet.org
Thu Mar 7 23:24:49 CET 2013


On 07.03.2013 22:06, Matthew Ceroni wrote:
> Alan:
>
> Yes, that works when run through ldapsearch.
>
> I was able to get the attribute checking working (added to dictionary,
> then ldap.attrmap) so I can now reject based on the value of an
> attribute. Thanks for the input on that.
>
> However, if the user isn't found in LDAP (Active Directory), how do I
> get it to outright reject the user? I can't do attribute checking (tried
> that and checking for an empty value, but got attribute was not found).
> Right now if the user isn't found in LDAP it happily goes to
> authentication (which for testing purposes right now is just using the
> users file).
>
authorize {
    # Look the user up in LDAP
    ldap
    # Reject outright if the ldap module returned notfound
    if (notfound) {
        reject
    }
}

Olivier

-- 
  Olivier Beytrison
  Network & Security Engineer, HES-SO Fribourg
  Mail: olivier at heliosnet.org

