Bind to ldap with the current authenticated user

Arran Cudbard-Bell a.cudbard-bell at sussex.ac.uk
Sun Nov 23 22:16:17 CET 2008


Alan DeKok wrote:
> Ram Akuka wrote:
>   
>> Hi,
>> I am trying to bind to the LDAP server with the current auth user.
>>     
>
>   You don't need to change anything to do that.  Just make sure LDAP is
> being used for authentication, and it will automatically "bind as user".
>
>   If you want to do "bind as user" to get authorization parameters, this
> is wrong.
>
>   
>> so i added the following to the ldap module:
>>
>> identity = "uid=%{Stripped-User-Name:-%{User-Name}},ou=people,o=XXX,o=XXX"
>> password = "%{%{User-Password}:-%{Chap-Password}}"
>>     
>
>   This is *totally* broken.  For one reason, the CHAP authentication
> method is *not* a password you can use to bind to ldap.
>
>   
>> Can someone help me here and tell me what I am doing wrong here?
>>     
>
>   Leave the "identity" and "password" fields in the LDAP configuration
> as the value for a read-only administrative user.
>
>   
The LDAP module can do authentication in two ways. Either you bind as
the administrator, look up the password hashes/password in the LDAP
directory and hash the value of User-Password and do a comparison. Or
you bind as the user and reject/accept the user on the result of the bind.

Which one are you attempting to do here?

Arran
