LDAP authorization
Olivier Beytrison
olivier at heliosnet.org
Thu Mar 7 23:24:49 CET 2013
On 07.03.2013 22:06, Matthew Ceroni wrote:
> Alan:
>
> Yes, that works when run through ldapsearch.
>
> I was able to get the attribute checking working (added to dictionary,
> then ldap.attrmap) so I can now reject based on the value of an
> attribute. Thanks for the input on that.
>
> However, if the user isn't found in LDAP (Active Directory), how do I
> get it to outright reject the user? I can't do attribute checking (tried
> that and checking for an empty value, but got attribute was not found).
> Right now if the user isn't found in LDAP it happily goes to
> authentication (which for testing purposes right now is just using the
> users file).
>
authorize {
    # look the user up in LDAP
    ldap
    # stop here if the ldap module returned notfound
    if (notfound) {
        reject
    }
}
Olivier
--
Olivier Beytrison
Network & Security Engineer, HES-SO Fribourg
Mail: olivier at heliosnet.org