Configuring LDAP for query ONLY...

Eric Martell workoutexcite at yahoo.com
Mon Dec 3 23:21:03 CET 2007


I am a little bit confused as to how to configure
radiusd.conf in the authorize and/or authenticate
section. So the password is going to act like an LDAP
attribute.

We are going to pass the username and an LDAP attribute
(home phone #) as input for each user.

The way it is configured now is in the modules,

ldap {
        server = "10.11.12.2"
        identity = "cn=Manager,dc=eng,dc=com"
        password = answer2
        basedn = "dc=eng,dc=com"

        # just for testing
        filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(phone=1231313128))"

        ldap_connections_number = 5
        timeout = 4
        timelimit = 3
        net_timeout = 1
}





authorize {
..
..
..
ldap
...

}

authenticate {
        Auth-Type LDAP {
                ldap
        }
}


In the logs it says:

rlm_ldap: - authorize
rlm_ldap: performing user authorization for test1
radius_xlat:  '(&(uid=test1)(phone=1231313128))'
radius_xlat:  'dc=eng,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: bind as cn=Manager,dc=eng,dc=com/answer2 
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=eng,dc=com, with filter (&(uid=test1)(phone=1231313128))
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test1 authorized to use remote access


this is good....
But in the authenticate section


rlm_ldap: - authenticate
rlm_ldap: login attempt by "test1" with password "1231313128"
rlm_ldap: user DN: id=1967816, dc=eng,dc=com
rlm_ldap: bind as id=1967816, dc=eng,dc=com/1231313128
rlm_ldap: waiting for bind result ...
rlm_ldap: id=1967816, dc=eng,dc=com bind to 10.11.12.2:389 failed Inappropriate authentication
rlm_ldap: ldap_connect() failed



Not sure why it is trying to bind as id=1967816,
dc=eng,dc=com/1231313128 

The only thing I want to do is just authorize the
ldap and pass the user through.


Please let me know if I am missing something.

Thanks so much.

Regards,
Erik.
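
An added example, not part of the original post: a small Python parser run over the rlm_ldap debug lines quoted above (wrapped lines rejoined) that lists each LDAP bind with its phase, DN and outcome, and drops the secret the debug log prints after the DN. The names parse_binds and SAMPLE_LOG are assumptions made for this example.

```python
import re

# Lines copied from the debug output in the post above (wrapped lines rejoined).
SAMPLE_LOG = """\
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test1
rlm_ldap: bind as cn=Manager,dc=eng,dc=com/answer2
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: user test1 authorized to use remote access
rlm_ldap: - authenticate
rlm_ldap: login attempt by "test1" with password "1231313128"
rlm_ldap: user DN: id=1967816, dc=eng,dc=com
rlm_ldap: bind as id=1967816, dc=eng,dc=com/1231313128
rlm_ldap: waiting for bind result ...
rlm_ldap: id=1967816, dc=eng,dc=com bind to 10.11.12.2:389 failed Inappropriate authentication
rlm_ldap: ldap_connect() failed
"""

PHASE = re.compile(r"^rlm_ldap: - (\w+)\s*$")
# DN and secret are split at the last "/"; a secret containing "/" would
# leave part of itself in the DN field, so treat the DN as untrusted text.
BIND = re.compile(r"^rlm_ldap: bind as (.+)/([^/]*)$")
FAILED = re.compile(r"^rlm_ldap: .+ bind to \S+ failed (.+)$")


def parse_binds(log_text):
    """Return one record per LDAP bind: phase, DN and outcome."""
    binds, phase = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := PHASE.match(line):
            phase = m.group(1)
        elif m := BIND.match(line):
            # Only the DN is kept; the logged secret is never stored.
            binds.append({"phase": phase, "dn": m.group(1), "result": "pending"})
        elif binds and binds[-1]["result"] == "pending":
            if line == "rlm_ldap: Bind was successful":
                binds[-1]["result"] = "success"
            elif m := FAILED.match(line):
                binds[-1]["result"] = "failed: " + m.group(1)
    return binds


if __name__ == "__main__":
    for b in parse_binds(SAMPLE_LOG):
        print(f'{b["phase"]:<13} {b["dn"]:<30} {b["result"]}')
```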






More information about the Freeradius-Users mailing list