Bind to ldap with the current authenticated user

Alan DeKok aland at deployingradius.com
Sun Nov 23 13:47:08 CET 2008


Ram Akuka wrote:
> Hi,
> I am trying to bind to the LDAP server with the current auth user ..

  You don't need to change anything to do that.  Just make sure LDAP is
being used for authentication, and it will automatically "bind as user".

  If you want to do "bind as user" to get authorization parameters, this
is wrong.

> so i added the following to the ldap module:
> 
> identity = "uid=%{Stripped-User-Name:-%{User-Name}},ou=people,o=XXX,o=XXX"
> password = "%{%{User-Password}:-%{Chap-Password}}"

  This is *totally* broken.  For one reason, the CHAP authentication
method is *not* a password you can use to bind to ldap.

> can someone help me here and tell me what I am doing wrong here????

  Leave the "identity" and "password" fields in the LDAP configuration
as the value for a read-only administrative user.

  Alan DeKok.
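
Why a CHAP-Password value cannot be used as an LDAP bind password, as an added example that is not part of the original message: the attribute carries a one-way MD5 response that changes with every challenge, so it never equals the user's stored password. The password, challenges and the simplified bind model are constructed for illustration.

```python
import hashlib
import hmac

def chap_password_attr(ident: int, password: bytes, challenge: bytes) -> bytes:
    """RADIUS CHAP-Password value (RFC 2865): 1-octet CHAP ident followed by
    the 16-octet response MD5(ident || password || challenge) (RFC 1994)."""
    response = hashlib.md5(bytes([ident]) + password + challenge).digest()
    return bytes([ident]) + response

def verify_chap(attr: bytes, challenge: bytes, cleartext: bytes) -> bool:
    """What the RADIUS server does: recompute the response from a cleartext
    password it already holds, then compare in constant time."""
    if len(attr) != 17:
        return False
    return hmac.compare_digest(attr, chap_password_attr(attr[0], cleartext, challenge))

def works_as_bind_secret(presented: bytes, stored_password: bytes) -> bool:
    """Simplified model of an LDAP simple bind: the directory checks the
    presented secret against the user's stored password."""
    return hmac.compare_digest(presented, stored_password)

# Constructed sample values, not taken from the thread.
PASSWORD = b"correct horse"
CHALLENGE_1 = bytes(range(16))
CHALLENGE_2 = bytes(range(16, 32))

ATTR_1 = chap_password_attr(1, PASSWORD, CHALLENGE_1)
ATTR_2 = chap_password_attr(2, PASSWORD, CHALLENGE_2)

if __name__ == "__main__":
    print("CHAP-Password #1:", ATTR_1.hex())
    print("CHAP-Password #2:", ATTR_2.hex())
    print("verifies with cleartext:", verify_chap(ATTR_1, CHALLENGE_1, PASSWORD))
    print("bind with User-Password:", works_as_bind_secret(PASSWORD, PASSWORD))
    print("bind with CHAP-Password:", works_as_bind_secret(ATTR_1, PASSWORD))
```

Verifying CHAP requires the server to read the user's cleartext password from the directory, which is the job of the read-only administrative identity.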


