Kostas,

I still don't see how to authenticate just the user & password to the ldap database without having the identity/password set. I have Ldap in the authenticate section and took it out of the authorize section, but it still wants to bind the identity & password before it binds and searches for the user/password. An alternative is to pass the current user in as the identity, but I don't think that feature exists, does it?

Thanks,
Ron.

> -----Original Message-----
> From: Kostas Kalevras [mailto:[EMAIL PROTECTED]
> Sent: Friday, April 02, 2004 5:43 AM
> To: [EMAIL PROTECTED]
>
> Look in the list archives, this has been answered a few days ago.
> In general identity/password is used for ldap searches, NOT for ldap
> authentication. It is used to find the user dn from the provided username.
> If you put the ldap module in the authenticate section it will do a bind
> with the userdn/password and verify the user password.
>
> > > -----Original Message-----
> > > From: Kostas Kalevras [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, April 01, 2004 1:34 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: ldap section
> > >
> > > On Wed, 31 Mar 2004, Ron Wahler wrote:
> > >
> > > > Can you authenticate without the identity and password filled out? I
> > > > can't seem to get it to work without these fields filled out?
> > >
> > > You need to set up the corresponding LDAP ACIs to allow search privileges
> > > to anonymous access (bad idea from a security point of view).
> > > Or just create a search user with search permissions on your directory
> > > and use that one for identity/password
> > >
> > > > Thanks,
> > > > Ron.
> > > >
> > > > ldap ldap_rp-eng{
> > > >   server = 10.0.0.25
> > > >   port = 389
> > > >   #identity = "[EMAIL PROTECTED]"
> > > >   #password = "tester"
> > > >   basedn = "cn=Users,dc=rp-eng,dc=com"
> > > >   filter = "(SamAccountName=%{Stripped-User-Name:-%{User-Name}})"
> > > >   start_tls = no
> > > >   tls_mode = no
> > > >   timeout = 20
> > > >   net_timeout = 10
> > > >   timelimit = 20
> > > > }
> > > > [Ron Wahler]
> > > >
> > > > rlm_ldap: - authorize
> > > > rlm_ldap: performing user authorization for rontest
> > > > radius_xlat: '(SamAccountName=rontest)'
> > > > radius_xlat: 'cn=Users,dc=rp-eng,dc=com'
> > > > ldap_get_conn: Got Id: 0
> > > > rlm_ldap: attempting LDAP reconnection
> > > > rlm_ldap: (re)connect to 10.0.0.25:389, authentication 0
> > > > rlm_ldap: bind as / to 10.0.0.25:389
> > > > rlm_ldap: waiting for bind result ...
> > > > rlm_ldap: Bind was successful
> > > > rlm_ldap: performing search in cn=Users,dc=rp-eng,dc=com, with filter (SamAccountName=rontest)
> > > > rlm_ldap: object not found or got ambiguous search result
> > > > rlm_ldap: search failed
> > > > ldap_release_conn: Release Id: 0
> > > > modcall[authorize]: module "ldap_rp-eng" returns notfound for request 0
> > > > modcall: group autztype returns notfound for request 0
> > > > rad_check_password: Found Auth-Type rp-eng
> > > > auth: type "rp-eng"
> > > > Processing the authenticate section of radiusd.conf
> > > > modcall: entering group authtype for request 0
> > > > rlm_ldap: - authenticate
> > > > rlm_ldap: login attempt by "rontest" with password "rontest"
> > > > radius_xlat: '(SamAccountName=rontest)'
> > > > radius_xlat: 'cn=Users,dc=rp-eng,dc=com'
> > > > ldap_get_conn: Got Id: 0
> > > > rlm_ldap: performing search in cn=Users,dc=rp-eng,dc=com, with filter (SamAccountName=rontest)
> > > > rlm_ldap: object not found or got ambiguous search result
> > > > ldap_release_conn: Release Id: 0
> > > > modcall[authenticate]: module "ldap_rp-eng" returns notfound for request 0
> > > > modcall: group authtype returns notfound for request 0
> > > > auth: Failed to validate the user.
> > > > Delaying request 0 for 1 seconds
> > > > Finished request 0
> > > >
> > > > -
> > > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> > >
> > > --
> > > Kostas Kalevras Network Operations Center
> > > [EMAIL PROTECTED] National Technical University of Athens, Greece
> > > Work Phone: +30 210 7721861
> > > 'Go back to the shadow' Gandalf