Radius integration with LDAP (SASL)
Phil Mayers
p.mayers at imperial.ac.uk
Tue Jan 17 15:13:46 CET 2012
On 17/01/12 14:04, Alan DeKok wrote:
> vijay t wrote:
>> Please note I am "using SASL on my LDAP"... If I create a user in ldap (e.g.
>> 101821) server itself I am able to authenticate the user (please see
>> the debug output "1"). I am facing a problem only for those users for whom I am
>> using the SASL mechanism for userPassword (please see the debug output "2").
>
> And again, the debug output tells you what is going wrong. Read it.
>
> {SASL}... is NOT the user's clear-text password.

IIRC that's a special value that OpenLDAP uses; "{SASL}username" tells
OpenLDAP to use the SASL library, with the username after the } and the
password given in the bind request.

So, he's using LDAP as an oracle to talk to an oracle. Maybe there's
another oracle in there somewhere...

I guess he needs to set "Auth-Type"... I don't know why people construct
these Heath Robinson systems that make their lives difficult!
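
Added example (not part of the original message, and not FreeRADIUS or OpenLDAP code): a small Python check showing why a "{SASL}username" value cannot be compared against the password a user supplies, while a clear-text or {SSHA} value can. The function names, the sample identity and the sample password are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_-]+)\}(.*)$", re.S)

def parse_user_password(value):
    """Split a userPassword value into (SCHEME, body); scheme is None for clear text."""
    if isinstance(value, bytes):
        value = value.decode("utf-8")
    m = SCHEME_RE.match(value)
    return (m.group(1).upper(), m.group(2)) if m else (None, value)

def make_ssha(password, salt):
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_locally(stored, supplied):
    """True/False when the stored value can verify `supplied` by itself;
    None when only the directory (an LDAP bind as the user) can decide."""
    scheme, body = parse_user_password(stored)
    if scheme is None:                       # clear-text password
        return hmac.compare_digest(body.encode(), supplied.encode())
    if scheme == "SSHA":                     # salted SHA-1: 20-byte digest + salt
        raw = base64.b64decode(body)
        calc = hashlib.sha1(supplied.encode() + raw[20:]).digest()
        return hmac.compare_digest(raw[:20], calc)
    # {SASL}: the body is an identity for the SASL library, not a secret.
    # Other schemes are not handled in this example; never compare them as text.
    return None

if __name__ == "__main__":
    samples = {  # constructed entries
        "local": make_ssha("s3cret", b"\x01\x02\x03\x04"),
        "passthrough": "{SASL}jdoe@EXAMPLE.ORG",
    }
    for name, stored in samples.items():
        print(name, parse_user_password(stored)[0], check_locally(stored, "s3cret"))
```

A None result is the case discussed above: the password has to be presented to the LDAP server in a bind request, because nothing readable from the entry can verify it.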