Hello list,
I know this isn't a direct FR related issue, but I think the people
here have deep know how or some further links I can get my information I
need.
What I'm interested in is how the LDAP user/password authentication
works, especially how FR does it.
In LDAP module configuration I set an identity. For my understanding
this is for the ldap bind user. With this identity FR will get access to
the ldap database, to do groupmembership information or attributes and
so on.
But is this identity also needed for authentication only?
In my setup I just want to authenticate my users against Microsoft
Active Directory, authorization will be done through sql.
So I thought about if I need the bind user. Am I right with this:
FR or the ldap module will test if the username/password combination is
correct against ldap. For that it will do a simple ldap bind with the
credentials from access-request packet. So, is the identity really
needed for authentication or is my understanding here wrong?
Please point me to the right...
Regards,
Tobias Hachmer
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
