LDAP authentication
Florin Andrei
florin at andrei.myip.org
Tue Jul 12 22:25:59 CEST 2005
Description of situation first, freeradius question at the end:
I am doing plain user/pass authentication against an LDAP server using
ldapsearch:
$ ldapsearch -H ldap://XXXXXXXX -b 'o=XXXXXXXXXXXXX,c=us' -D 'uid=XXXXX,o=XXXXXXXXXXXXXX,c=us' -x -W uid=XXXXX
Enter LDAP Password:
[snip]
result: 0 Success
[snip]
The packet trace looks like this:
####################################################
No.  Time      Source                       Destination                  Protocol  Info
4    0.001468  somecomputer.somedomain.com  someserver.somedomain.com    LDAP      MsgId=1 Bind Request, DN=uid=XXXXX,o=YYYYYYYYYY,c=us

Frame 4 (123 bytes on wire, 123 bytes captured)
Internet Protocol, Src Addr: somecomputer.somedomain.com (XXX.YYY.ZZZ.38), Dst Addr: someserver.somedomain.com (AAA.BBB.CCC.18)
Lightweight Directory Access Protocol
    LDAP Message, Bind Request
        Message Id: 1
        Message Type: Bind Request (0x00)
        Message Length: 50
        Response In: 6
        Version: 3
        DN: uid=XXXXX,o=YYYYYYYYYY,c=us
        Auth Type: Simple (0x00)
        Password: 1234567890

No.  Time      Source                       Destination                  Protocol  Info
6    0.067801  someserver.somedomain.com    somecomputer.somedomain.com  LDAP      MsgId=1 Bind Result

Frame 6 (96 bytes on wire, 96 bytes captured)
Internet Protocol, Src Addr: someserver.somedomain.com (AAA.BBB.CCC.18), Dst Addr: somecomputer.somedomain.com (XXX.YYY.ZZZ.38)
Lightweight Directory Access Protocol
    LDAP Message, Bind Result
        Message Id: 1
        Message Type: Bind Result (0x01)
        Message Length: 23
        Response To: 4
        Time: 0.066333000 seconds
        Result Code: success (0x00)
        Matched DN: (null)
        Error Message: +0gg4KMBV5FZkjyC
####################################################
I don't really care about any information that's returned, I only want
to authenticate against LDAP.
Can I configure freeradius to do the same? I tried a few configurations
in radiusd.conf but everything seems to trigger a behaviour that's
different from ldapsearch.
LDAP is currently used to authenticate various things, and I'd like to
point a Radius server to it to use the same user passwords.
--
Florin Andrei
http://florin.myip.org/
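
The bind exchange in the trace above, as an added example that is not part of the original post or of FreeRADIUS: a minimal Python encoder/decoder for the LDAPv3 simple BindRequest and BindResponse (RFC 4511). It shows that a simple bind over ldap:// carries the password as plain octets and that authentication succeeded exactly when the result code is 0. The function names and any DN or password passed in are hypothetical, constructed values.

```python
# Added example (not from the original post): LDAPv3 simple bind in BER, RFC 4511.
def tlv(tag, value):  # encode one BER TLV, definite length (short or long form)
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos); reject truncated or indefinite lengths."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n >= 0x80:
        k = n & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("unsupported or truncated length")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + n], pos + n

def build_simple_bind(msg_id, dn, password):
    """BindRequest [APPLICATION 0]: version 3, DN, simple auth [0]; msg_id < 128."""
    body = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, body))

def build_bind_response(msg_id, result_code):
    """BindResponse [APPLICATION 1]: resultCode, empty matchedDN and message."""
    body = tlv(0x0A, bytes([result_code])) + tlv(0x04, b"") + tlv(0x04, b"")
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x61, body))

def parse_ldap_message(pdu):
    tag, seq, _ = read_tlv(pdu)
    _, mid, pos = read_tlv(seq)
    op, body, _ = read_tlv(seq, pos)
    if tag != 0x30 or op not in (0x60, 0x61):
        raise ValueError("not an LDAP bind request or response")
    msg = {"msg_id": int.from_bytes(mid, "big")}
    if op == 0x60:
        _, dn, p = read_tlv(body, read_tlv(body)[2])  # skip the version INTEGER
        auth, cred, _ = read_tlv(body, p)
        # Simple auth [0] carries the password as plain octets, as in the trace.
        pw = cred.decode(errors="replace") if auth == 0x80 else None
        msg.update(op="bindRequest", dn=dn.decode(), password=pw)
    else:
        code = read_tlv(body)[1]
        msg.update(op="bindResponse", result_code=code[0], success=code[0] == 0)
    return msg
```

Result code 49 is invalidCredentials in RFC 4511, so a client that only wants a yes/no answer needs nothing from the response beyond that one ENUMERATED value.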