FR3.0 and LDAP

Maja Wolniewicz mgw at umk.pl
Tue Aug 13 11:47:58 CEST 2013


W dniu 13.08.2013 10:50, Arran Cudbard-Bell pisze:
> On 13 Aug 2013, at 09:48, Maja Wolniewicz <mgw at umk.pl> wrote:
>
>> W dniu 13.08.2013 10:41, A.L.M.Buxey at lboro.ac.uk pisze:
>>> Hi,
>>>
>>>> Our freeradius server uses a few of LDAP databases (depending on the
>>>> realm) and not all of them are under our control.
>>> use different ldap modules for different realms? 
>>>
>>> if (%{realm} == "specialone\.pl") {
>>> 	ldap-specialone
>>> 	}
>>>
>>>
>>> etc ?
>> but there is no way to use the LDAP database in FR3.0 without enabling
>> read access to a password attribute.
> Of course there is. The authenticate method of the ldap module does bind as user.  The success of the bind is an indication of whether authentication succeeded.  You need a cleartext copy of the password from the user though.
Thanks Arran,
it  works as I expected when I set
Auth-Type := LDAP
in the authorize section.

Maja
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS Development Team
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html

-- 
Maja Gorecka-Wolniewicz          mgw at umk.pl
Uczelniane Centrum               Information & Communication
Informatyczne                    Technology Centre
Uniwersytet Mikolaja Kopernika   Nicolaus Copernicus University
Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3393 bytes
Desc: Kryptograficzna sygnatura S/MIME
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20130813/eff2af7e/attachment.bin>


More information about the Freeradius-Devel mailing list