Configuring LDAP for query ONLY...

Phil Mayers p.mayers at imperial.ac.uk
Fri Dec 7 15:43:32 CET 2007


Eric Martell wrote:
> Hi Phil,
>    I need some help again. Is there a way in the ldap
> module to specify that only ONE result is returned for
> a search filter? In my ldap tree, when I search with the
> filter (&(uid=test1)(phone=1231313128)) I get multiple
> results.
> 
> And in the log I get a message that the search failed. I
> just want to return whatever the first result is.
> 
> rlm_ldap: performing search in dc=eng,dc=com, with filter (&(uid=test1)(phone=1231313128))
> rlm_ldap: object not found or got ambiguous search result
> rlm_ldap: search failed
> 
> Please help.

I don't think you can. You'll need to use a different (more specific?) 
search filter that gives unique results (and anyway, matching a random 
choice of N returned is not sensible - how do you know the one that 
matches even has a password attribute or is even a valid user object?)

> 
> Thanks and Regards,
> Eric.
> 
> 
> --- Eric Martell <workoutexcite at yahoo.com> wrote:
> 
>> Thanks so much Phil. I am using freeradius-1.0.4
>>
>> I am going to install the latest version and will try
>> your suggestion.
>>
>> Thanks and Regards.
>> Eric.
>>
>>
>> --- Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>>
>>> Eric Martell wrote:
>>>> Hi,
>>>>   Is it possible to altogether avoid authenticate
>>>> section and just do ldap lookups in the authorize
>>>> section?
>>>>
>>>> authorize {
>>>>    ldap {
>>>>      notfound = reject
>>>>    }
>>>> }
>>>>
>>>> The problem is in the authenticate section, radius
>>>> gets the userDN from the authorize and tries to "bind"
>>>> ldap with password which we don't have.
>>>>
>>>> I also tried in users file
>>>> Ldap-UserDN := `cn=Manager,dc=eng,dc=com/answer2`
>>>
>>> Assuming you are using a recent version of
>>> FreeRadius, you can do one of 
>>> the following:
>>>
>>> modules {
>>>    ldap {
>>>      ...
>>>      set_auth_type = no
>>>    }
>>> }
>>>
>>> authorize {
>>>    preprocess
>>>    ldap
>>>    pap
>>> }
>>>
>>> authenticate {
>>>    Auth-Type PAP {
>>>      pap
>>>    }
>>> }
>>>

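Added example, not part of the original thread and not FreeRADIUS code: a sketch of why an ambiguous result is treated as a failure, and of auditing a directory for values that need a more specific filter. The entries, objectClass values and function names are constructed for illustration, and the filter parser handles only the equality/AND subset used in the thread.

```python
import re

# Constructed sample entries (not from the thread). Two share uid and phone;
# the first one returned is not a user object and carries no password.
ENTRIES = [
    {"dn": "cn=test1,ou=roles,dc=eng,dc=com", "objectClass": ["organizationalRole"],
     "uid": ["test1"], "phone": ["1231313128"]},
    {"dn": "uid=test1,ou=people,dc=eng,dc=com", "objectClass": ["inetOrgPerson"],
     "uid": ["test1"], "phone": ["1231313128"], "userPassword": ["{SSHA}constructed"]},
    {"dn": "uid=test2,ou=people,dc=eng,dc=com", "objectClass": ["inetOrgPerson"],
     "uid": ["test2"], "phone": ["5550100"], "userPassword": ["{SSHA}constructed"]},
]

class AmbiguousResult(LookupError):
    """Zero or several entries matched where exactly one was required."""

def parse_filter(flt):
    """Parse only (attr=value) and (&(a=v)(b=w)...); no wildcards, escapes, OR, NOT."""
    terms = re.findall(r"\(([A-Za-z][\w-]*)=([^()*\\]+)\)", flt)
    body = "".join("(%s=%s)" % t for t in terms)
    if not terms or flt not in ("(&%s)" % body, body if len(terms) == 1 else None):
        raise ValueError("unsupported filter: %r" % flt)
    return terms

def search(entries, flt):
    """Return all entries matching flt (case-insensitive equality, a simplification)."""
    terms = [(a.lower(), v.lower()) for a, v in parse_filter(flt)]
    def matches(entry):
        attrs = {k.lower(): [x.lower() for x in vals]
                 for k, vals in entry.items() if k != "dn"}
        return all(v in attrs.get(a, []) for a, v in terms)
    return [e for e in entries if matches(e)]

def lookup_one(entries, flt):
    """Fail closed on 0 or >1 matches instead of trusting the first result."""
    hits = search(entries, flt)
    if len(hits) != 1:
        raise AmbiguousResult("%d entries match %s" % (len(hits), flt))
    return hits[0]

def ambiguous_values(entries, attr, extra=""):
    """Audit: map each value of attr to the DNs it matches when more than one does."""
    found = {}
    for value in sorted({v for e in entries for v in e.get(attr, [])}):
        dns = [e["dn"] for e in search(entries, "(&(%s=%s)%s)" % (attr, value, extra))]
        if len(dns) > 1:
            found[value] = dns
    return found
```

Running ambiguous_values over an export of the real tree, with and without the extra clause, shows whether a candidate filter is specific enough before it goes into the ldap module.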


