For starting it should be enough, but what I am not able to do is to set up the correct sequence. First I need to extract the CN field (which can be done, and I already did, and I can set up a list of allowed CN in the users file), and after that I need to do an LDAP query to check for authorization.
How can I do the following in this exact order?
LDAP authorization is tried first, then comes authentication, or am I wrong?

What I'd need is to extract the CN and check it against LDAP attributes...
How might I do it?

thank you

Riccardo




Alan DeKok wrote:
Edgar Fuß wrote:
I don't understand. rlm_eap's check_cert_cn must be able to extract the CN from 
the user certificate in order to check it against User-Name (or whatever).

  Yes...

Or at least, with check_cert_cn = %{User-Name}, you can substitute User-Name 
for an extracted CN for whatever additional lookup you need.

  Yes.

Or am I getting it wrong?

  No.  But there's no code to extract other fields from the cert.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
