Aqdas Muneer wrote:
> Thank you for the quick response. The reason I created the admin account
> was for use during LDAP outages, and you are correct that this account
> does not exist in LDAP. What would be a better way to go about
> accomplishing this? I want the admin account to be only available during
> times when the ldap module returns 'fail'.

Put this into the "authorize" section:

    authorize {
        ...
        ldap {
            fail = 1
        }
        if (fail) {
            do things
        }
        ...
    }

The "do things" text should be replaced by your actual policies, i.e.
check for "admin" account, update password, etc. See "man unlang" for
details.

Alan DeKok.
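
One way the "do things" placeholder could be filled in, as an added example that is not part of the original message or the FreeRADIUS distribution. It assumes FreeRADIUS 2.x unlang syntax, a break-glass user literally named "admin", the pap module listed later in "authorize", and a placeholder password that must be replaced:

```unlang
authorize {
    ...
    # By default a "fail" from ldap ends the section at once. Giving it
    # priority 1 lets processing continue so the policy below can run.
    ldap {
        fail = 1
    }

    # True only when the module just above returned "fail" (LDAP outage).
    if (fail) {
        if (User-Name == "admin") {
            # Assumption: the local break-glass password is supplied here.
            # Placeholder value, replace it and restrict read access to
            # this file.
            update control {
                Cleartext-Password := "REPLACE-WITH-BREAK-GLASS-PASSWORD"
            }
            # Return "ok" so the low-priority "fail" is not the final
            # result of the section.
            ok
        }
        else {
            # Every other user is refused while LDAP is unavailable,
            # rather than falling through to later modules.
            reject
        }
    }
    ...
    # Assumption: pap runs after the block above and sets Auth-Type
    # from the Cleartext-Password added to the control list.
    pap
}
```

Because the password is only added inside the `if (fail)` branch, the "admin" account cannot authenticate while LDAP is answering normally.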