LDAP AD and SAMCompatibleName

Andrei Katsuk steep8 at gmail.com
Tue Mar 26 05:48:02 UTC 2024


> > Currently I want to authenticate users who enter EXAMPLE\bob or bob at example.com.
> > Also I don't want to grant access to users who enter EXAMPLE.COM\bob
> > or bob at EXAMPLE.
>
>   Why does it matter?

When realm is defined as realm EXAMPLE it grants access for
EXAMPLE\bob and bob at EXAMPLE.
Currently we do not support the last format, which is why I want to
reject bob at EXAMPLE.

>   Perhaps the "realm" module could be updated to mark if the realm is suffix or prefix.  As always, patches are welcome.

What should the modified "realm" module update? Should it return
some extra values or fill in some new attributes?

