Radius integration with LDAP (SASL)

Alan DeKok aland at deployingradius.com
Tue Jan 17 15:19:37 CET 2012


Phil Mayers wrote:
> On 17/01/12 14:04, Alan DeKok wrote:
> IIRC that's a special value that OpenLDAP uses; "{SASL}username" tells
> OpenLDAP to use the SASL library, with the username after the } and the
> password given in the bind request.

  Sure.  But then LDAP should go do that lookup!

> So, he's using LDAP as an oracle to talk to an oracle. Maybe there's
> another oracle in there somewhere...

  Probably.  As he said, it's FreeRADIUS -> LDAP -> SASL

  But... the debug log shows FreeRADIUS -> LDAP.  So the LDAP-SASL link
is broken.

  Is that a RADIUS problem?

  Nope.

> I guess he needs to set "Auth-Type"... I don't know why people construct
> these Heath Robinson systems that make their lives difficult!

  Because they believe complicated systems are better.  Because they
can't follow instructions.  Because they think they know better than
people who've been doing it for 10+ years.  Maybe all/some of the above.

  Alan DeKok.


