rlm_ldap and auto_header

Tim Palmer tpalmer at bestweb.net
Tue Nov 11 21:35:03 CET 2008

tnt at kalik.net wrote:
>> Why yes, I did map Cleartext-Password, since the debug error ( and 
>> various list postings) seemed clear on that:
>> ldap.attrmap:
>> checkItem       Cleartext-Password              userPassword
> OK. Debug will moan about using User-Password if you are using clear text
> password. It will moan, replace it with Cleartext-Password - and things
> will still work. If you are using clear text passwords you can do this
> mapping to shut it up. Better practice would be to map it to something
> like radiusCleartextPassword and copy userPassword field there.
> But mapping encrypted passwords to Cleartext-Password is clearly wrong.
> Remove that mapping and auto_headers in pap will work.
> Ivan Kalik
> Kalik Informatika ISP
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
What you say makes complete sense, but its still not working for me 
unless I have ldap do the auto_header. However, I'd done several things 
with this machine in this process, so I'm going to rebuild it and start 
from scratch, now that I am clear on exactly how this bit is supposed to 

Thank you for your input,


More information about the Freeradius-Users mailing list