> Куприянов Максим wrote:
> > I'm using FreeRadius 2.1.3 with LDAP (eDirectory) and plain-text (users
> > file) backends and I don't know how to solve a couple of problems :(
>
> How do you tell the users apart?
>
> > 1. Is possible to mix users with same names, but different passwords from
> > LDAP and from users file? There are some old time users in my org, who
> > don't belong to eDirectory tree and there are users in eDirectory with same
> > names that should not be treated like old-time ones.
>
> Maybe.
>
I guess I've found some kind of solution:

/etc/raddb/dictionary:

    ATTRIBUTE  Local-Skip-LDAP  3101  integer
    ATTRIBUTE  Local-LDAP-User  3102  integer
    VALUE  Local-Skip-LDAP  true   1
    VALUE  Local-Skip-LDAP  false  0
    VALUE  Local-LDAP-User  true   1
    VALUE  Local-LDAP-User  false  0

/etc/raddb/users:

    old_user  User-Password == "testing", Cleartext-Password := "testing"
            Local-Skip-LDAP = true

/etc/raddb/sites-available/default:

    authorize {
        ..
        if (!reply:Local-Skip-LDAP) {
            ldap
            if (ok) {
                update request {
                    Local-LDAP-User := true
                }
            }
        }
        ..
    }

The only problem I've got is that, instead of using the users file to specify
default attributes for those non-LDAP users, I should use the post-auth section
of the "default" site with the (!request:Local-LDAP-User) condition and vice versa.
So, many thanks to Alan for the "man unlang" hint :)
But one problem still remains - I still don't understand how to check that
an LDAP user does not belong to any group. Any ideas?
---
Maxim