Maybe my last question was unclear this morning.
Therefore I would like to rephrase it:
Checkitems may be defined via ldap.attrmap e.g. like:
checkItem User-Category primaryGroupID
Those items, retrieved from an ldapserver and thus not part of the request:
Are they supposed to be accessible by following modules?
In a case like this in radiusd.conf:
authorize { ldap { notfound = return } files }
Should the files module have access to to a check item User-Category ?
Thanks
I'm not sure, I've never tried that before, but I don't believe you can.
I think you'd need to use xlat for that. Grep for xlat in doc/rlm_ldap.
You could certainly use that ldap attribute as an Ldap-Group item, if you
are going to be keying off of it a lot.
in radiusd.conf
groupmembership_attribute = "primaryGroupID"
Then in the users file
DEFAULT Ldap-Group != "xxx", Auth-Type := Reject
or something like that.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
