Check local before LDAP Authentication
Alan DeKok
aland at deployingradius.com
Fri May 28 16:22:38 CEST 2021
On May 28, 2021, at 10:16 AM, Matteo Raffa <matteo.raf at gmail.com> wrote:
> What I want to achieve is quite simple: authenticate with LDAP only in case there’s no corresponding local user available.
That shouldn't be too hard.
> In the meanwhile I came up with this.
> I guess in case someone needs to check local users *after* ldap, it’d simply move the files module after ldap and before pap (without the additional condition check on files rcode). Am I right?
Yes.
>
> files
> if (ok) {
> pap
> }
>
> -ldap
> if ((ok || updated) && User-Password) {
> update control {
> Auth-Type := ldap
> }
> }
> pap
If it works, sure.
Alan DeKok.
More information about the Freeradius-Users
mailing list