ldap authenticate object not found

John Dennis jdennis at redhat.com
Fri Mar 12 15:56:51 CET 2010


On 03/12/2010 06:44 AM, omega bk wrote:
> I just want to understand.
>
> Why [ldap] Added User-Password = test  in check items, and how to
> replace it by Cleartext-Password?
> Does ldap return the password non crypted?
> Does ldap use 'Auth-Type = Local'?

In the raddb directory is a file called ldap.attrmap. When you find a 
user in ldap it will retrieve all the check items listed there that it 
can find associated with the user. The file maps the ldap attribute name 
to a radius attribute name and adds it as a check item to the request. 
You most likely have a line in the ldap.attrmap file which maps an ldap 
attribute to User-Password. The User-Password radius attribute is 
deprecated, just like it clearly says in the debug output. The radius 
User-Password attribute has been replaced by Cleartext-Password. Change 
your ldap mapping so the Cleartext-Password is returned instead of 
User-Password.

It is possible to prepend the cleartext password with a {hash-type} 
prefix if the password is actually hashed (e.g. {crypt}). This is 
documented in raddb/modules/pap. Which type of password is compatible 
with which authentication method is documented here:
http://deployingradius.com/documents/protocols/compatibility.html

The use of check items, the role of authorization & authentication is 
documented in doc/aaa.txt. LDAP processing is documented in 
doc/ldap_howto.txt. Please try and read the documentation before you ask 
questions. The reason we know the answers is because we read the 
documentation ;-)



>
> I don't really understand how ldap deals back information.


-- 
John Dennis <jdennis at redhat.com>
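
An added example, not part of the original message and not FreeRADIUS code: a small Python check that scans an ldap.attrmap for checkItem lines mapping an LDAP attribute to User-Password, rewrites them to Cleartext-Password, and splits a {hash-type} prefix off a stored value. The sample file contents, its three-column layout, the LDAP attribute names and the function names are assumptions made for illustration.

```python
import re

# Constructed sample of an ldap.attrmap file (not taken from the original post).
# Assumed line layout: <checkItem|replyItem> <RADIUS attribute> <LDAP attribute>
SAMPLE_ATTRMAP = """\
# comment lines and blank lines are ignored
checkItem   User-Password       userPassword
checkItem   Auth-Type           radiusAuthType
replyItem   Framed-IP-Address   radiusFramedIPAddress
"""

DEPRECATED = "User-Password"
REPLACEMENT = "Cleartext-Password"


def audit_attrmap(text):
    """Return (findings, fixed_text) for checkItem lines mapping to User-Password."""
    findings, out = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        fields = line.split()
        if (len(fields) >= 3 and not line.lstrip().startswith("#")
                and fields[0] == "checkItem" and fields[1] == DEPRECATED):
            findings.append((lineno, fields[2]))
            # Swap only the RADIUS attribute name and keep the line's spacing.
            line = re.sub(r"(?<=\s)User-Password(?=\s)", REPLACEMENT, line, count=1)
        out.append(line)
    return findings, "\n".join(out) + "\n"


def split_header(value):
    """Split a stored password into ({hash-type} prefix or None, remainder)."""
    m = re.match(r"\{([A-Za-z0-9-]+)\}(.*)", value, re.S)
    return (m.group(1).lower(), m.group(2)) if m else (None, value)


if __name__ == "__main__":
    findings, fixed = audit_attrmap(SAMPLE_ATTRMAP)
    for lineno, ldap_attr in findings:
        print(f"line {lineno}: LDAP attribute {ldap_attr} maps to deprecated {DEPRECATED}")
    print(fixed, end="")
    # Constructed values: one tagged as hashed, one with no prefix.
    for stored in ("{crypt}xxPLACEHOLDERxx", "test"):
        print(stored, "->", split_header(stored))
```

A value that comes back with a prefix such as {crypt} is a hash, not a cleartext password, which is why the compatibility table linked in the message matters when choosing an authentication method.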




More information about the Freeradius-Users mailing list