Trying to integrate with LDAP

fernando.sg1 at gmail.com fernando.sg1 at gmail.com
Thu Mar 14 03:03:21 CET 2013


Now at the PC, I can write better:

1st: should I uncomment these 2 lines in /modules/ldap
# identity = "cn=admin,dc=xxxxx,dc=edu,dc=br"
# password = "123abc"
?

I tried both configs, with ou=People and without, and they don't work.


Uncommenting the 2 lines, I get this from freeradius -X:

[ldap] performing user authorization for user1
[ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for
details
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> user1
[ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=user1)
[ldap] expand: ou=People,dc=xxxx,dc=edu,dc=br ->
ou=People,dc=xxxxxx,dc=edu,dc=br
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to 200.131.96.47:389, authentication 0
  [ldap] bind as cn=admin,dc=xxxxxx,dc=edu,dc=br/123abc to 200.131.96.47:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
  [ldap] performing search in ou=People,dc=xxxxx,dc=edu,dc=br, with filter
(uid=user1)
[ldap] checking if remote access for user1 is allowed by uid
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] userPassword -> Password-With-Header ==
"{MD5}ICy5YqxZB1uWSwcVLSNLcA=="
[ldap] looking for reply items in directory...
[ldap] Setting Auth-Type = LDAP
[ldap] user user1 authorized to use remote access




2013/3/13 Arran Cudbard-Bell <a.cudbardb at freeradius.org>

>
> On 13 Mar 2013, at 20:00, Fernando Barreto <fernando.sg1 at gmail.com> wrote:
>
> > Hey, thanks for the quick reply
>
> > [ldap]  expand: dc=xxxx,dc=edu,dc=br -> dc=xxxxx,dc=edu,dc=br
>
> Because you changed the search DN?
>
> In the original request it was:
>
> > [ldap] expand: ou=People,dc=xxxxx,dc=edu,dc=br ->
> ou=People,dc=xxxxxxx,dc=edu,dc=br
>
> Now it's:
>
> > [ldap]  expand: dc=xxxx,dc=edu,dc=br -> dc=xxxxx,dc=edu,dc=br
>
> The and the scope is probably set incorrectly.
>
> and no, you don't need to duplicate the ldap config in radiusd.conf.
>
> -Arran
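The quoted reply points at the search base DN and the scope. The following is an added example (not part of the thread and not FreeRADIUS code) that models the standard LDAP scopes `base`, `one` and `sub` to show which base/scope pairs can reach a user entry. The entry DN, the `dc=example` component and all helper names are constructed assumptions, since the thread masks the real DNs.

```python
# Added illustration: standard LDAP search-scope semantics, evaluated offline.
# Assumption: the user entry sits directly under ou=People (constructed DN).
USER = "uid=user1,ou=People,dc=example,dc=edu,dc=br"
OLD_BASE = "ou=People,dc=example,dc=edu,dc=br"   # base DN in the first request
NEW_BASE = "dc=example,dc=edu,dc=br"             # base DN after the change
SCOPES = ("base", "one", "sub")


def split_rdns(dn):
    """Split a DN into lowercased (attr, value) pairs, keeping '\\,' escapes intact."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # escaped character: copy both bytes
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":                          # unescaped comma ends an RDN
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    # Assumption: case-insensitive matching, as for the usual naming attributes.
    return [tuple(s.strip().lower() for s in p.split("=", 1))
            for p in parts if p.strip()]


def in_scope(entry_dn, base_dn, scope):
    """Return True if a search at base_dn with this scope can return entry_dn."""
    entry, base = split_rdns(entry_dn), split_rdns(base_dn)
    depth = len(entry) - len(base)             # levels below the base
    if depth < 0 or (base and entry[-len(base):] != base):
        return False                           # entry is not under the base at all
    if scope == "base":
        return depth == 0                      # only the base entry itself
    if scope == "one":
        return depth == 1                      # immediate children only
    if scope == "sub":
        return True                            # base and the whole subtree
    raise ValueError("unknown scope: %r" % scope)


def reachability(entry_dn, bases):
    """Map every (base, scope) pair to whether it can find entry_dn."""
    return {(b, s): in_scope(entry_dn, b, s) for b in bases for s in SCOPES}


if __name__ == "__main__":
    for (base, scope), found in reachability(USER, [OLD_BASE, NEW_BASE]).items():
        print("%-40s %-4s %s" % (base, scope, "found" if found else "not found"))
```

Under these assumptions, moving the base from `ou=People,...` up to the domain root only keeps finding the user when the scope is `sub`; a one-level search from the root stops at `ou=People` itself.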