On Mon, 26 Apr 2004, Teoh, Chee wrote:

> Hi All,
>
> I am using freeradius with an LDAP backend for authorization and
> authentication. At the early stages of the authorisation process, we
> have multiple DEFAULT configuration lines in the 'users' file which
> match (and auth accept) based on suffix matching on the realm of the
> username. The reason for this is to send back a bunch of L2TP
> attributes without having to authenticate the individual users.
>
> The problem I have is that after the 'users' file is processed, the LDAP
> processing also happens, which has a number of issues:
>
> 1) Unnecessary lookup to the LDAP as we don't need to authenticate
>    the end-users
>
> 2) Because we strip the username before sending it to LDAP, if the
>    username exists in the LDAP (although it is a user with different
>    realms) the attributes stored in the LDAP are added to the initial
>    reply-attributes set in the 'users' file, causing the reply to fail
>
> Does anyone know what can be done to prevent the LDAP lookup once a match
> occurs in the 'users' file?

Take a look at doc/Autz-Type. You can put ldap handling in an Autz-Type
section and only call it on specific cases.

> Regards,
>
> Chee Beng Teoh - Network Engineer

--
Kostas Kalevras		Network Operations Center
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow'	Gandalf
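
A sketch of the layout the reply points to, added here as an example; it is not part of the original thread and not the poster's configuration. It assumes the FreeRADIUS 1.x behaviour described in doc/Autz-Type (the authorize section is run a second time with only the matching Autz-Type subsection); the Autz-Type name Ldap_Users, the realm and the tunnel endpoint are constructed.

```conf
# radiusd.conf: ldap is no longer listed at the top level of authorize,
# so it is not called for every request.
authorize {
	preprocess
	suffix          # realm module instance: sets Realm and Stripped-User-Name
	files           # the 'users' file decides whether Autz-Type is set

	# Called only on the second authorize pass, and only for requests
	# where the 'users' file set Autz-Type := Ldap_Users.
	Autz-Type Ldap_Users {
		ldap
	}
}

# users: no entry sets Fall-Through, so processing stops at the first match.
# Realm-matched requests are accepted with tunnel attributes and never
# reach LDAP, so no LDAP reply attributes are merged into their reply.
# (Constructed realm; endpoint is from the documentation address range.)
DEFAULT	Realm == "wholesale.example", Auth-Type := Accept
	Tunnel-Type = L2TP,
	Tunnel-Medium-Type = IP,
	Tunnel-Server-Endpoint = "192.0.2.10"

# Every request not matched above is routed to the LDAP subsection.
DEFAULT	Autz-Type := Ldap_Users
```

Running the server in debug mode (radiusd -X) and sending a request for the matched realm shows whether the ldap module still appears in the authorize trace.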

