LDAP and deactivated users

R3DNano r3dnano at gmail.com
Thu Oct 3 12:20:05 CEST 2019

There are some deactivated user on the ldap directory that we need to
reject their access to.
Instead, the ldap module returns a correct password, and the user is
validated - even though the user is deactivated.
That is, at least, the impression I get.
I've also noticed that, in cases there's an issue with the password: i.e.:
user needs to change their password due to it being insecure, the ldap
seems to return this message and freeradius seems to interpret this as the
password, even though the password is correct and the authentication fails:
Does what I'm saying make sense? (from my limited ldap knowledge) and, is
there a way to control this?


More information about the Freeradius-Users mailing list