On 07/23/2010 02:59 PM, Alan DeKok wrote:
> Tom Leach wrote:
>> To correct the bind problem, I added an ACL to the directory to allow
>> 'uid=admin,o=radtree' to access the userPassword attribute, then
>> configured the ldap module to use 'uid=admin,o=radtree' as the identity
>> and 'secret' as the password.  Now the bind succeeds, the -X output says
>> that it's mapping userPassword ->  Crypt-Password ==
>> "{crypt}4gOgBZqZgtwIw"
>
>    The "Crypt-Password" attribute is supposed to be the crypt'd version
> of the password *without* the "{crypt}" header.  Change the mapping from
> "userPassword ->  Crypt-Password" to "userPassword ->  User-Password", and
> it will work.
>
>    The PAP module will look for the "{crypt}" header, and create a
> Crypt-Password with the appropriate value.

Hmm ...

Just from looking at the rlm_ldap code (not actual testing), I thought if auto_header was set to True in the ldap config, then rlm_ldap, after looking up the configured password attribute, would perform the steps you describe above (strip the hash prefix and add a new attribute with the correct attribute type for the hash type).

Am I confused?

--
John Dennis <jden...@redhat.com>

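
The header handling discussed in this thread, as an added example that is not part of the original messages and is not FreeRADIUS code: it splits a "{crypt}"-style header from an LDAP userPassword value and reports why a value mapped straight to Crypt-Password with the header still attached cannot match. The function names and the header table (a subset) are assumptions of this sketch.

```python
import re

# Subset of password headers and the attribute each one selects.
# Table and function names are assumptions made for this sketch.
HEADER_TO_ATTR = {
    "clear": "Cleartext-Password",
    "crypt": "Crypt-Password",
    "md5": "MD5-Password",
    "smd5": "SMD5-Password",
    "sha": "SHA-Password",
    "ssha": "SSHA-Password",
}
HEADER_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.DOTALL)
# Traditional DES crypt(3) output: 2 salt + 11 hash characters.
DES_CRYPT_RE = re.compile(r"^[./0-9A-Za-z]{13}$")


def split_header(value):
    """Return (attribute, bare_value); attribute is None if no known header."""
    m = HEADER_RE.match(value)
    if m and m.group(1).lower() in HEADER_TO_ATTR:
        return HEADER_TO_ATTR[m.group(1).lower()], m.group(2)
    return None, value


def check_mapping(attr, value):
    """List reasons a mapped control attribute cannot match as configured."""
    problems = []
    implied, bare = split_header(value)
    if attr != "User-Password" and implied is not None:
        problems.append("%s still carries a header; expected bare value %r"
                        % (attr, bare))
    if (attr == "Crypt-Password" and not value.startswith("$")
            and not DES_CRYPT_RE.match(value)):
        problems.append("value is not a well-formed crypt(3) string")
    return problems


if __name__ == "__main__":
    ldap_value = "{crypt}4gOgBZqZgtwIw"  # value from the -X output quoted above
    for attr in ("Crypt-Password", "User-Password"):
        print(attr, "->", check_mapping(attr, ldap_value) or "ok")
    print(split_header(ldap_value))
```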