Hi
 
In our case the authentication works fine with both modules: unix and ldap
(local users and LDAP users). Using LDAP works fine for most of the users
but for some users (the ones not searchable) it doesn't work.
 
When rlm_ldap authorizes a user, does it make a bind to LDAP? In that
case the default is to bind anonymously so it shouldn't be a problem...
Or does it make an ldapsearch?
 
When rlm_ldap authenticates the user it makes a new bind, if I understood
correctly (watching a radtest session).
 
Regards,
David
 
Date: Wed, 22 Jan 2003 15:47:33 +0200 (EET)
From: Kostas Kalevras <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: bind to ldap server only (no search)
Reply-To: [EMAIL PROTECTED]
On Wed, 22 Jan 2003, David De Maeyer wrote:
> Hi all,
>
> I am quite new to Radius. I installed FreeRadius 0.8.1 and
> it runs fine. We have some local users in the users file, other
> users are authenticated via our LDAP server. As far as I can see
> we only need to bind to the LDAP server to authenticate them
> but it seems the rlm_ldap module first searches for the users.
> In our case we have some users which are not searchable.
>
> That means the authentication fails. rlm_ldap first searches for
> the user but can't find it.
>
> Is it therefore possible to only bind to the LDAP server without
> searching for the users?

You have to first find the user dn.
Anyway you could create a Ldap-UserDn attribute by use of the attr_rewrite
module, add it in the config attribute list and it should work.
Something like:

    attribute = Ldap-UserDn
    replacewith = "uid=%{User-Name},ou=people,dc=company,dc=com"
    new_attribute = yes

    authorize {
        [...]
        attr_rewrite
    }

>
> Is it something to do with the identity flag in rlm_ldap?
>
> Regards,
>
> David
> ___________________________________________________
> David De Maeyer
> Roskilde University Center
> Computer Science Department
> Box 260, Hus 42.1
> 4000 Roskilde
> Denmark
> voice (+45) 46 74 38 29 fax (+45) 46 74 30 72
>
>
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

___________________________________________________
David De Maeyer
Roskilde University Center
Computer Science Department
Box 260, Hus 42.1
4000 Roskilde
Denmark
voice (+45) 46 74 38 29 fax (+45) 46 74 30 72
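
The reply quoted above builds the bind DN by substituting User-Name into a fixed template instead of searching for the entry. As an added example (not part of the thread and not FreeRADIUS code), the Python below shows the RFC 4514 escaping a user-supplied value needs so that it stays a single RDN value inside that template; escape_rdn_value, build_user_dn and split_rdns are hypothetical helper names, and the sample user names are constructed.

```python
# Added illustration: build a bind DN from a template without an LDAP search,
# escaping the user-supplied value per RFC 4514.

TEMPLATE = "uid={user},ou=people,dc=company,dc=com"  # DN template from the thread

_SPECIALS = '"+,;<>\\'  # characters that must always be escaped in a DN value


def escape_rdn_value(value: str) -> str:
    """Escape a string for use as an attribute value inside a DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")            # NUL is written as a hex pair
        elif ch in _SPECIALS:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")             # leading '#' would mean "hex string"
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")             # leading/trailing space is significant
        else:
            out.append(ch)
    return "".join(out)


def build_user_dn(user_name: str) -> str:
    """Return the DN to bind as for this User-Name (no search involved)."""
    if not user_name:
        raise ValueError("empty User-Name")
    return TEMPLATE.format(user=escape_rdn_value(user_name))


def split_rdns(dn: str) -> list:
    """Split a DN on unescaped commas, to check how a server would see it."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])       # keep the escaped pair together
            i += 2
        elif dn[i] == ",":
            rdns.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(dn[i])
            i += 1
    rdns.append("".join(cur))
    return rdns
```

With plain substitution a comma in the name yields a DN with an extra component, so the bind is attempted against a different entry than the template intends.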

 
