checkitem problem

Norbert Wegener norbert.wegener at siemens.com
Sat Sep 1 12:49:47 CEST 2007


Alan DeKok wrote:
> Norbert Wegener wrote:
>   
>> rlm_ldap: looking for check items in directory...
>> rlm_ldap: Adding primaryGroupID as Cleartext-Password == "515"
>>     
>
>   OK...
>
>   
>>  modcall[authorize]: module "ldap" returns ok for request 11
>>    users: Matched entry DEFAULT at line 2
>>     
>
>   Yes... because you are telling the server what the clear-text password
> is supposed to be.  If you tell the server TWICE, it will say OK twice.
>   
Telling it twice in a check item?
Please correct me, but my understanding of check items has been, that 
they have to be in the the access request to match an entry.
The clear-text password is not in the original request. It is added 
during the processing of that request via ldap.
Depending on that value an entry of the users file should match.
I do not yet see, where myunderstanding is wrong.

Norbert Wegener


>   What sort of behavior do you expect?  "If cleartext password is
> already set, don't set it again" ?  Nothing in the ldap or users file
> documentation says that they do anything like that.
>
>   If you want that functionality, see 2.0.
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>   




More information about the Freeradius-Users mailing list