Hi

In our case the authentication works fine with both modules: unix and ldap
(local users and LDAP users). Using LDAP works fine for most of the users
but for some users (the ones not searchable) it doesn't work.

When rlm_ldap authorizes a user: does it make a bind to ldap? In that
case the default is to bind anonymously so it shouldn't be a problem...
Or does it make a ldapsearch?

When rlm_ldap authenticates the user it makes a new bind, if I understood
correctly (watching a radtest session).

Regards,
David

Date: Wed, 22 Jan 2003 15:47:33 +0200 (EET)
From: Kostas Kalevras <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: bind to ldap server only (no search)
Reply-To: [EMAIL PROTECTED]

On Wed, 22 Jan 2003, David De Maeyer wrote:
> Hi all,
>
> I am quite new to Radius. I installed FreeRadius 0.8.1 and
> it runs fine. We have some local users in the users file, other
> users are authenticated via our LDAP server. As far as I can see
> we only need to bind to the LDAP server to authenticate them
> but it seems the rlm_ldap module first searches for the users.
> In our case we have some users which are not searchable.
>
> That means the authentication fails. rlm_ldap first searches for
> the user but can't find it.
>
> Is it therefore possible to only bind to the LDAP server without
> searching for the users?

You have to first find the user dn.
Anyway you could create a Ldap-UserDn attribute by use of the attr_rewrite
module, add it in the config attribute list and it should work.
Something like:

    attribute = Ldap-UserDn
    replacewith = "uid=%{User-Name},ou=people,dc=company,dc=com"
    new_attribute = yes

    authorize{
        [...]
        attr_rewrite
    }

>
> Is it something to do with the identity flag in rlm_ldap?
>
> Regards,
>
> David
> ___________________________________________________
> David De Maeyer
> Roskilde University Center
> Computer Science Department
> Box 260, Hus 42.1
> 4000 Roskilde
> Denmark
> voice (+45) 46 74 38 29 fax (+45) 46 74 30 72
>
>
--
Kostas Kalevras          Network Operations Center
[EMAIL PROTECTED]        National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow'  Gandalf

___________________________________________________
David De Maeyer
Roskilde University Center
Computer Science Department
Box 260, Hus 42.1
4000 Roskilde
Denmark
voice (+45) 46 74 38 29
fax (+45) 46 74 30 72
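
Added example, not part of the thread and not FreeRADIUS code: the reply builds the bind DN by substituting User-Name into a fixed template, and this Python code performs that substitution with RFC 4514 escaping so a name containing DN special characters stays inside the uid value. The function names and sample user names are assumptions; the template is the one from the reply.

```python
# Added example: build the bind DN from User-Name with RFC 4514 escaping.
# Function names and sample inputs are hypothetical, not from the thread.

DN_TEMPLATE = "uid={uid},ou=people,dc=company,dc=com"  # template from the reply
_SPECIAL = set('"+,;<>\\')  # characters RFC 4514 requires to be escaped


def escape_rdn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514, section 2.4)."""
    if not value:
        raise ValueError("empty User-Name")
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _SPECIAL or (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def split_rdns(dn):
    """Split a DN on unescaped commas, to count how many RDNs it contains."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        step = 2 if dn[i] == "\\" else 1  # keep an escaped pair together
        if dn[i] == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += dn[i:i + step]
        i += step
    return parts + [cur]


def user_dn(user_name):
    """Return the DN to bind as for this User-Name."""
    return DN_TEMPLATE.format(uid=escape_rdn_value(user_name))


# Constructed sample User-Name values
SAMPLES = ["david", "de maeyer, david", "#kostas", "a+b=c "]

if __name__ == "__main__":
    for name in SAMPLES:
        dn = user_dn(name)
        print(f"{name!r:22} -> {dn}  ({len(split_rdns(dn))} RDNs)")
```

Every sample yields a DN with exactly four RDNs, so the bind is always attempted under ou=people,dc=company,dc=com regardless of what the client sent as User-Name.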