Is it possible to have two different authentication policies for the LDAP users on the same realm? What I want to accomplish is:
1- Users need only their username and OTP when they authenticate against privacyidea Apache module
2- Users need their username and LDAP password + OTP to authenticate against privacyidea FreeRADIUS plugin
You can distinguish the policies based on the client IP.
privacyIDEA compiles a “list of valid policies” and takes into account the user, the realm… and also the client IP.
If your policy does not contain a client IP, it matches all client IPs.
So take care: If you have a policy with a dedicated client IP and one with no client IPs, you might have two matching, contradicting policies.
Read more: http://privacyidea.readthedocs.io/en/latest/policies/index.html
You may exclude client IPs using the prefix
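
The client-IP matching described in the answer above, as an added example that is not part of the original thread and not privacyIDEA's own code: a simplified Python model in which a policy with an empty client list matches every client IP, used to spot the overlap the answer warns about. The policy names, the `requires` labels and the IP addresses are constructed for illustration, and only the client-IP part of the matching is modelled.

```python
import ipaddress

# Constructed sample policies (hypothetical names, labels and addresses).
# An empty "client" list means the policy matches every client IP.
POLICIES = [
    {"name": "apache_otp_only", "client": ["192.0.2.10"], "requires": "otp"},
    {"name": "radius_password_otp", "client": [], "requires": "ldap_password+otp"},
]

# Same policies, but the RADIUS policy is pinned to the RADIUS server's IP.
FIXED = [
    {"name": "apache_otp_only", "client": ["192.0.2.10"], "requires": "otp"},
    {"name": "radius_password_otp", "client": ["192.0.2.20"],
     "requires": "ldap_password+otp"},
]


def matching_policies(policies, client_ip):
    """Return the policies whose client restriction covers client_ip."""
    ip = ipaddress.ip_address(client_ip)
    matched = []
    for pol in policies:
        nets = [ipaddress.ip_network(c, strict=False) for c in pol["client"]]
        # No client restriction at all: the policy applies to any client.
        if not nets or any(ip in net for net in nets):
            matched.append(pol)
    return matched


def conflicts(policies, client_ip):
    """Return the contradicting requirements seen by client_ip, or [] if consistent."""
    reqs = sorted({p["requires"] for p in matching_policies(policies, client_ip)})
    return reqs if len(reqs) > 1 else []


if __name__ == "__main__":
    for label, policies in (("one policy without client IP", POLICIES),
                            ("both policies pinned", FIXED)):
        for ip in ("192.0.2.10", "192.0.2.20"):
            names = [p["name"] for p in matching_policies(policies, ip)]
            print(f"{label}: {ip} -> {names}, conflict={conflicts(policies, ip)}")
```
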