Check local before LDAP Authentication

Anthony Stuckey anthonystuckey at gmail.com
Fri May 28 17:18:17 CEST 2021


"Just look at the sheer variety of questions posted to the list, and ask
yourself if any amount of documentation would answer all of those
questions."

The answer to that is clearly either

1) "Yes, period."

or 2) "No, but the volume would be lower and the type of questions would be
significantly more interesting."

On Fri, May 28, 2021 at 9:22 AM Alan DeKok <aland at deployingradius.com>
wrote:

> On May 28, 2021, at 10:16 AM, Matteo Raffa <matteo.raf at gmail.com> wrote:
> > What I want to achieve is quite simple: authenticate with LDAP only in
> > case there’s no corresponding local user available.
>
>   That shouldn't be too hard.
>
> > In the meanwhile I came up with this.
> > I guess in case someone needs to check local users *after* ldap, it’d
> > simply move the files module after ldap and before pap (without the
> > additional condition check on files rcode). Am I right?
>
>   Yes.
>
> >
> >       files
> >       if (ok) {
> >               pap
> >       }
> >
> >       -ldap
> >       if ((ok || updated) && User-Password) {
> >               update control {
> >                       Auth-Type := ldap
> >               }
> >       }
> >       pap
>
>   If it works, sure.
>
>   Alan DeKok.