On 07.03.2013 22:06, Matthew Ceroni wrote:
> Alan:
>
> Yes, that works when run through ldapsearch.
>
> I was able to get the attribute checking working (added to dictionary,
> then ldap.attrmap) so I can now reject based on the value of an
> attribute. Thanks for the input on that.
>
> However, if the user isn't found in LDAP (Active Directory), how do I
> get it to outright reject the user? I can't do attribute checking (tried
> that and checking for an empty value, but got attribute was not found).
> Right now if the user isn't found in LDAP it happily goes to
> authentication (which for testing purposes right now is just using the
> users file).
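
authorize {
    ldap
    # "notfound" is the ldap module's return code when no entry matches
    if (notfound) {
        reject
    }
    # remaining authorize modules follow
}
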
Olivier
--
Olivier Beytrison
Network & Security Engineer, HES-SO Fribourg
Mail: [email protected]
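
Added example, not part of the original message or of the FreeRADIUS distribution: the same check placed in a fuller authorize section, with the equivalent return-code override shown as a commented alternative. The surrounding module list (preprocess, files) is an assumption based on the users-file test setup described in the quoted question.

```unlang
authorize {
    preprocess

    # Form 1: test the return code of the module that ran just before
    # the condition. Keep the "if" directly after "ldap"; a module placed
    # in between would be the one whose return code is tested.
    ldap
    if (notfound) {
        reject
    }

    # Form 2 (alternative to Form 1, use one or the other): override the
    # action for a single return code on the module call itself.
    #
    # ldap {
    #     notfound = reject
    # }

    # Only reached for users that exist in the directory. With neither
    # form in place, a directory miss falls through to this module and a
    # matching entry in the users file can still authenticate the user.
    files
}
```

Running the server with `radiusd -X` and sending a request for a user that is not in the directory should show the ldap module returning notfound and the request being rejected before the files module runs.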