Forum Discussion
Robert_Decker_2
Nimbostratus
NimbostratusLDAP redirect not working
How do you redirect _sys_auth_ldap? I've tried the following(x.x.x.x is the IP address of the web page I created):
replace HTTP::respond 401 with HTTP::respond "http://x.x.x.x"
...
Robert_Decker_2Nimbostratus
NimbostratusI've added the redirect line in place of the last HTTP::respond line in Auth Failure. This seems to be working now (had other issues I'm troubleshooting). Was this the correct placing? The rule seems to work as long as a username and password is present. I was trying to trigger the rule by adding a username and leaving the password area blank (this never worked). Does PAM require both to be a valid attempt? What happens when a blank password is entered 3 times(the page becomes blank)?
when AUTH_SUCCESS {
if {$tmm_auth_http_sids(ldap) eq [AUTH::last_event_session_id]} {
incr tmm_auth_http_successes
if {[info exists tmm_auth_http_sufficient_successes]} {
if {$tmm_auth_http_successes >=
$tmm_auth_http_sufficient_successes} {
foreach {type sid} [array get tmm_auth_http_sids] {
if {$type ne "ldap" && $sid ne -1} {
AUTH::abort $sid
array set tmm_auth_http_sids [list $type -1]
}
}
set tmm_auth_http_collect_count 0
HTTP::release
} else {
incr tmm_auth_http_collect_count -1
if {$tmm_auth_http_collect_count == 0} {
HTTP::respond 401
}
}
} else {
incr tmm_auth_http_collect_count -1
if {$tmm_auth_http_collect_count == 0} {
HTTP::release
}
}
}
}
when AUTH_FAILURE {
if {$tmm_auth_http_sids(ldap) eq [AUTH::last_event_session_id]} {
if {[llength [array names tmm_auth_http_sids]] > 1} {
if {[info exists tmm_auth_http_sufficient_successes]} {
incr tmm_auth_http_collect_count -1
if {$tmm_auth_http_collect_count == 0} {
HTTP::respond 401
}
} else {
foreach {type sid} [array get tmm_auth_http_sids] {
if {$type ne "ldap" && $sid ne -1} {
AUTH::abort $sid
array set tmm_auth_http_sids [list $type -1]
}
}
set tmm_auth_http_collect_count 0
HTTP::respond 401
}
} else {
set tmm_auth_http_collect_count 0
HTTP::respond 302 Location "http://x.x.x.x"
}
}
}
when AUTH_WANTCREDENTIAL {
if {$tmm_auth_http_sids(ldap) eq [AUTH::last_event_session_id]} {
if {[llength [array names tmm_auth_http_sids]] > 1} {
if {[info exists tmm_auth_http_sufficient_successes]} {
incr tmm_auth_http_collect_count -1
if {$tmm_auth_http_collect_count == 0} {
HTTP::respond 401
}
} else {
foreach {type sid} [array get tmm_auth_http_sids] {
if {$type ne "ldap" && $sid ne -1} {
AUTH::abort $sid
array set tmm_auth_http_sids [list $type -1]
}
}
set tmm_auth_http_collect_count 0
HTTP::respond 401
}
} else {
set tmm_auth_http_collect_count 0
HTTP::respond 401
}
}
}
when AUTH_ERROR {
if {$tmm_auth_http_sids(ldap) eq [AUTH::last_event_session_id]} {
if {[llength [array names tmm_auth_http_sids]] > 1} {
if {[info exists tmm_auth_http_sufficient_successes]} {
incr tmm_auth_http_collect_count -1
if {$tmm_auth_http_collect_count == 0} {
HTTP::respond 401
}
} else {
foreach {type sid} [array get tmm_auth_http_sids] {
if {$type ne "ldap" && $sid ne -1} {
AUTH::abort $sid
array set tmm_auth_http_sids [list $type -1]
}
}
set tmm_auth_http_collect_count 0
HTTP::respond 401
}
} else {
set tmm_auth_http_collect_count 0
HTTP::respond 401
}
}
}
Thank you for your help,
Rob
