Check local before LDAP Authentication

Matteo Raffa matteo.raf at gmail.com
Fri May 28 13:52:14 CEST 2021


I’ve found some old posts about this on the mailing list, but all of those were 10+ years old and using v1 or v2.

Further to that, I am using LDAP for authentication (Google doesn’t send passwords).

So, in my authorize {} I have set this before pap to set the proper auth method:

if (User-Password) {
    update control {
        Auth-Type := ldap
    }
}

Now I believe that I should just need to add another condition to check for the files module returning the notfound code, so that it only sets ldap in case the user is not found in files; otherwise it will just go on to pap.

Something like 
if (User-Password && files == notfound) {...}

But I can’t find the correct way to do this check. What is the attribute name corresponding to “files module return code” that I should check?

I checked man unlang for that, but it only says that I can check for a module return code just after its execution.
It doesn’t say anything about a variable storing each module’s return code.



Thanks!
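
Added example, not part of the original post: the rule from man unlang that a return code is tested immediately after the module runs, applied to files in a FreeRADIUS v3 authorize section. It assumes the stock rlm_files behaviour of returning noop (not notfound) when no users-file entry matches, which should be confirmed in radiusd -X debug output before relying on it.

```unlang
authorize {
    # ... other modules as in the existing virtual server ...

    # Look the user up in the local users file first.
    files

    # This test must directly follow "files": a bare return-code keyword
    # refers to the module that ran last, there is no per-module variable.
    # Assumption: rlm_files returns "noop" when nothing matched and "ok"
    # when an entry (including a DEFAULT entry) matched.
    if (noop && &User-Password) {
        # No local entry and a PAP password is present: hand off to LDAP.
        update control {
            &Auth-Type := ldap
        }
    }

    # For local users Auth-Type is still unset here, so pap can set
    # Auth-Type := PAP from the known-good password the users file supplied.
    pap
}
```

A DEFAULT entry in the users file that matches every request makes files return ok for all users, in which case the LDAP branch above is never taken.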

