On Wed, 6 Feb 2002, Matthew Schumacher wrote:
> Hello all,
>
> I am having trouble getting radius to work with ldap. I think I have
> the config file setup corretly because I see ldap requests in the debug.
>
> I want to use pap and {crypt} for password encryption and accourding to
> the docs that should work. But I can't seem to get it working in my
> lab. Can anyone provide a sample ldif file that I could look at?
>
> I would prefer for radius to bind as the user to get the attributes and
> authenticate. It seems that this should work if I disable the identity
> option in the ldap module.
Well, actually if the identity/password options are set to NULL the module will
connect to the server anonymously. What you are asking for cannot happen because
that is not the way the module works. The module maintains persistent
connections to the ldap server which it uses to query the server for user
attributes. It will make a new connection *only* to authenticate the user
through an ldap operation. Binding as the user will mean that the module will do
the authentication before the authorization which is not the way things work in
freeradius. It will also mean rewriting a big part of the module and destroying
performance so i don't think it can happen.
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
