Help request: LDAP syntax authorization
Alan DeKok
aland at deployingradius.com
Fri Mar 31 21:27:55 CEST 2017
On Mar 31, 2017, at 2:53 PM, Aaron Dalla-Longa <aaron at shortgrass.ca> wrote:
>
> Freeradius version 3
>
> Is it possible to deny a user based on an attribute that LDAP sends
> through, and if so, what is the syntax for it?
You can map LDAP attributes to RADIUS ones.
See raddb/mods-available/ldap. Look for "mapping".
> Alternatively, if there is a
> well-put together guide on Freeradius LDAP syntax, could you link it to me?
The wiki has lots of documentation. Please go there and look. It also has a searchable interface. Just search for LDAP.
> Something that I would be looking for would be something like the
> pseudo-code below:
>
> if (user_attribute "delinquency" == "no") {
>     accept
> }
> else {
>     reject
> }
That's not LDAP, that's unlang policies. And those are documented, too. Lots of examples, and a "man unlang" page that describes the syntax.
Alan DeKok.
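
The two pieces named in the reply, put together as an added example (not part of the original message and not taken from the FreeRADIUS distribution): the LDAP module's attribute mapping, then an unlang check on the mapped value. It assumes the directory attribute is called `delinquency` as in the question, uses the built-in `Tmp-String-0` scratch attribute to hold it, and places the check in the `authorize` section of `raddb/sites-available/default`.

```unlang
# --- raddb/mods-available/ldap (inside the existing "ldap { ... }" block) ---
# The update section maps LDAP attributes (right-hand side) onto RADIUS
# attributes (left-hand side). Add the line below to the section that is
# already there rather than creating a second one.
update {
	# Assumption: the directory attribute is named "delinquency", as in
	# the question. Tmp-String-0 is only a holder chosen for this example;
	# a site-defined dictionary attribute would work the same way.
	control:Tmp-String-0	:= 'delinquency'
}

# --- raddb/sites-available/default ---
authorize {
	# ... existing modules ...

	# Run the LDAP lookup so the mapping above fills the control list.
	ldap

	# Fail closed: reject when the attribute is absent from the user's
	# entry, as well as when it holds anything other than "no". Without
	# the existence test, a missing attribute would not match the
	# comparison and the request would continue.
	if (!&control:Tmp-String-0 || (&control:Tmp-String-0 != "no")) {
		reject
	}

	# ... remaining modules; authentication then proceeds as usual ...
}
```

Running the server with `radiusd -X` shows whether the mapped attribute was added to the control list and which branch of the condition was taken.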