Robin,

I'm not sure if I follow exactly what you want to do. But I'll give it a
shot.
I have this line in my config file under <Authby LDAP2>:

AuthAttrDef altmail5,NAS-Port-Type,check

It allows me to compare the LDAP attribute 'altmail5' against the radius
attribute 'NAS-Port-Type'. If they don't match, it rejects the
authentication. If altmail5 does not exist for that user, then it isn't
checked, and authentication goes through.

With code written by Hugh and Mike, I've also implemented a new LDAP search
feature that allows me to query the user's LDAP entry for the existence of a
specific attribute. If the attribute does not exist, it rejects the
authentication. Is this closer to what you want to do? If so, it'll require
2.16.1, plus new code and patches.

As far as I know (Hugh can confirm this) this new feature is still in
testing mode, and hasn't been added to the general release. I've been using
it here for 1 week now without a problem.

Let me know if I can help!

Steve


-----Original Message-----
From: Robin Gruyters [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 08, 2000 12:21 PM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Check Attribute in LDAP


Hi,

Just one question. Is it possible to check an attribute like:

if "AccountStatus" exists on the LDAP do Access-Type=Reject

So no check on attribute from the NAS, only on the LDAP.
-- 
Regards,

 Robin Gruyters - [EMAIL PROTECTED] - WISH BV - nic-hdl: RG3771-RIPE
 http://www.wish.net - tel: +31(0)413242500 - fax. +31(0)208762628
 PGP key ID DEB8C991 - Head Engineering / Web Designer / B.O.F.H.
 BOFH excuse: Incorrect time synchronization

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
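
The three checks discussed in this thread, modelled side by side as an added Python example (not Radiator code and not written by either poster). The `Mode` names, `evaluate()` and the directory entries are hypothetical and constructed; it shows that the compare-if-present check lets a user with no `altmail5` through, while the presence checks do not.

```python
# Added illustration, not Radiator code. Mode names, evaluate() and the sample
# entries are hypothetical; only the attribute names come from the thread.
from enum import Enum


class Mode(Enum):
    MATCH_IF_PRESENT = 1   # the AuthAttrDef check as described in the reply
    REQUIRE_PRESENT = 2    # the new search feature described in the reply
    REJECT_IF_PRESENT = 3  # the behaviour asked for in the original question


def evaluate(entry, request, rules):
    """Return (decision, reason) for one LDAP entry and one RADIUS request.

    entry maps LDAP attribute names to lists of values; request maps RADIUS
    attribute names to a single value. Assumption: a multi-valued LDAP
    attribute matches if any value equals the request value exactly.
    """
    for mode, ldap_attr, radius_attr in rules:
        values = entry.get(ldap_attr) or []  # an empty list counts as absent
        if mode is Mode.MATCH_IF_PRESENT:
            if not values:
                continue  # attribute absent: check skipped, rule fails open
            if request.get(radius_attr) not in values:
                return "REJECT", f"{ldap_attr} != {radius_attr}"
        elif mode is Mode.REQUIRE_PRESENT and not values:
            return "REJECT", f"{ldap_attr} missing"
        elif mode is Mode.REJECT_IF_PRESENT and values:
            return "REJECT", f"{ldap_attr} present"
    return "ACCEPT", "all rules passed"


# Constructed sample data.
ENTRIES = {
    "alice": {"altmail5": ["Async"]},
    "bob": {},  # no altmail5 at all
    "carol": {"altmail5": ["ISDN"], "AccountStatus": ["suspended"]},
}
REQUEST = {"NAS-Port-Type": "ISDN"}
PORT_CHECK = (Mode.MATCH_IF_PRESENT, "altmail5", "NAS-Port-Type")
MUST_EXIST = (Mode.REQUIRE_PRESENT, "altmail5", None)
NOT_FLAGGED = (Mode.REJECT_IF_PRESENT, "AccountStatus", None)

if __name__ == "__main__":
    for label, rules in [("check only", [PORT_CHECK]),
                         ("check + must exist", [PORT_CHECK, MUST_EXIST]),
                         ("check + AccountStatus", [PORT_CHECK, NOT_FLAGGED])]:
        for user, entry in ENTRIES.items():
            print(f"{label:22} {user:6}", *evaluate(entry, REQUEST, rules))
```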
