AD Authentication Permissions
John Dennis
jdennis at redhat.com
Wed Jan 9 20:22:45 CET 2013
On 01/09/2013 02:00 PM, Tyler Brady wrote:
> Can someone give more details on setting up LDAP groups? So far I have attempted to modify the users file and the ldap module. I can't seem to get the ldap module configured properly, but I'm sure that's just one of many issues.
>
> ldap {
> #
> # Note that this needs to match the name in the LDAP
> # server certificate, if you're using ldaps.
> server = "ldap.your.domain"
> #identity = "cn=admin,o=My Org,c=UA"
> #password = mypass
> basedn = "o=My Org,c=UA"
> filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
> #base_filter = "(objectclass=radiusprofile)"
>
> cn = username (is this correct)
> o= domain (is this correct)
> c= ? (what does this field mean)
identity is the bind dn, it's an ldap concept, refer to ldap literature
to learn what a bind dn is. The bind dn you should be using is specific
to your deployment, ask whoever is managing your ldap server what to
use. Remember this represents a server-to-server binding, not a
user-to-server binding, in other words the radius server is binding to
your ldap server to perform lookups related to users and groups thus
the identity you bind as will need permission to view that portion of
the ldap tree.
--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
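
An added example, not part of the original thread or of FreeRADIUS: a small check that reads an ldap { } block, reports whether a bind DN (identity) is active, and names the components of that DN. The sample blocks are constructed from the question; the account name radius-lookup and the password PLACEHOLDER are assumptions, and the anonymous-bind finding assumes the module binds anonymously when identity is unset.

```python
import re

# Short attribute type names from RFC 4519 that appear in DNs such as the ones above.
ATTR_NAMES = {"cn": "commonName", "o": "organizationName", "c": "countryName",
              "ou": "organizationalUnitName", "dc": "domainComponent", "uid": "userid"}

# Constructed samples: POSTED mirrors the block in the question; WITH_BIND enables a
# hypothetical lookup-only service account (name and password are placeholders).
POSTED = '''ldap {
    server = "ldap.your.domain"
    #identity = "cn=admin,o=My Org,c=UA"
    #password = mypass
    basedn = "o=My Org,c=UA"
}'''
WITH_BIND = (POSTED.replace('#identity = "cn=admin', 'identity = "cn=radius-lookup')
             .replace("#password = mypass", "password = PLACEHOLDER"))

def split_dn(dn):
    """Split a DN into (type, value) pairs. Simplified: honours '\\,' escapes only,
    not multi-valued RDNs joined with '+'."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns

def read_ldap_block(text):
    """Return the active key = value settings; lines starting with '#' never match."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r'\s*([\w-]+)\s*=\s*(.*?)\s*$', line)
        if m:
            settings[m.group(1)] = m.group(2).strip('"')
    return settings

def audit_bind(text):
    """Describe how the RADIUS server would bind to the directory for lookups."""
    s = read_ldap_block(text)
    if "identity" not in s:
        return ["identity unset: lookups would use an anonymous bind"]
    findings = [f"bind DN component {a} ({ATTR_NAMES.get(a, 'unknown')}) = {v}"
                for a, v in split_dn(s["identity"])]
    if "password" not in s:
        findings.append("identity set without a password")
    return findings

if __name__ == "__main__":
    for name, block in (("as posted", POSTED), ("with bind DN", WITH_BIND)):
        print(name, audit_bind(block), sep=": ")
```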