How to catch Ldap-Group fail state
Sergey Nikitin
oldnick.ru at gmail.com
Tue Jun 8 08:50:34 CEST 2021
Hi!
Could you help me please: is there a way to catch Ldap-Group failed state?
I have the following construct for ldap group check in the post-auth
section:
if Ldap-Group == "test-group" {
update reply {
cisco-avpair :="shell:priv-lvl=15"
}
}
else {
reject
}
Problem is when ldap server becomes unreachable from radius server, radius
client receive reject and I would like not to send reply in such case. Is
there a way to implement something like this:
if Ldap-Group == "test-group" {
update reply {
cisco-avpair :="shell:priv-lvl=15"
}
}
elsif (fail) {
do_not_respond
}
else {
reject
}
where (fail) is the state of Ldap-Group check. Thank you.
--
Best Regards.
Sergey
More information about the Freeradius-Users
mailing list