LDAP authentication
- To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
- Subject: LDAP authentication
- From: "Lin Richardson" <lin@xmission.com>
- Date: Mon, 28 Aug 2006 15:21:08 -0600
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:mime-version:content-type:x-google-sender-auth; b=iH2BXL+AGT+nraHr1vPzN0epM1m5GBQS2DCZAsu7Hsl5NerGl5u2a7xmQpQKLsHYB74QFJJxTU0/12oVsbyJJ+udlwTPRieJx4ACss5dHXIL2x6/DEwbGJ4HaM1Yq6llUldhVmaR6nvucZWzDwsOOm7ILuXBxxiGBTX3cD8kq9w=
- Reply-to: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
- Sender: trevelyn@gmail.com
A general question that I have not seen in the forum.
I want to authenticate against LDAP... BUT I don't want to use the LDAP password as the password in every case.
In a remote connectivity solution I want to check the remotepassword attribute for authentication.
Problem is (as I see it), that the real LDAP password is not passed in with the remote connectivity request, so the request seems to be failing.
If I make the request with the LDAP password, it succeeds.
So my question, and I know that there is a caveat about a cleartext password being required for LDAP authentication, is:
Can I make a request to freeradius that gets passed to LDAP but only requires the password to be checked against an attribute of the username, NOT the real LDAP password.
Any insight/experience or pointers to helpful doc sources would be appreciated.
Regards,
Lin Richardson
This archive was generated by a fusion of
Pipermail (Mailman edition) and
MHonArc.