LDAP - bind as user - howto?

Stefan Paetow Stefan.Paetow at ja.net
Thu Oct 16 23:25:18 CEST 2014


Matej, 

This was recently a topic on this list and I posted this: 

http://freeradius.1045715.n5.nabble.com/LDAP-bind-user-authentication-tp5729976p5729979.html

According to the original poster, that did the trick for him and he could use bind-as-user. There was no messing with the 'users' file (or odd default User-Dn stuff), just setting up the LDAP server details, tweaking the ldap query to retrieve your user, and the few lines in both the 'authorize' and 'authenticate' sections to be able to use PAP. 

Granted, you're using FR 2.1.12, so mileage will vary, but if you use the FreeRADIUS repository, you can switch to v3.0.4 and enjoy the gloriousness of the rewritten LDAP module that makes things so easy :-)

Stefan Paetow
Moonshot Industry & Research Liaison Coordinator

t: +44 (0)1235 822 125
gpg: 0x3FCE5142
xmpp: stefanp at jabber.dev.ja.net
skype: stefan.paetow.janet

Janet, the UK's research and education network.

Janet(UK) is a trading name of Jisc Collections and Janet Limited, a
not-for-profit company which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238


________________________________________
From: freeradius-users-bounces+stefan.paetow=ja.net at lists.freeradius.org [freeradius-users-bounces+stefan.paetow=ja.net at lists.freeradius.org] on behalf of Alan DeKok [aland at deployingradius.com]
Sent: 16 October 2014 21:46
To: FreeRadius users mailing list
Subject: Re: LDAP - bind as user - howto?

Matej Žerovnik wrote:
> If I use users file, then %{User-Name} is not substituted with the
> user-name provided in the accept-request. I hope it's obvious I want to
> use different usernames as different users will use radius to login to
> the service.

 You said other things didn't work when you used the "hints" file.

  Just write all of the policies in "unlang".

> I found out I read about hints file on this url:
> http://www.opensource.apple.com/source/freeradius/freeradius-11/freeradius/doc/rlm_ldap
>
> Later I realized that this file is about radius 1.X version, so it's
> probably obsolete.

  And it's just a copy of the FreeRADIUS documentation.  Which is
included with FreeRADIUS.  And which is available on wiki.freeradius.org.

  I don't see why people go to third-party sites, when the same (and
better) documentation is available directly from us.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
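
A sketch of the setup Stefan outlines (LDAP server details, the user lookup query, and the PAP hooks in 'authorize' and 'authenticate'), added here as an example; it is not taken from the linked post or from either poster. It assumes the FreeRADIUS v3.0.x default file layout, and the host name, DNs, password and CA path are constructed placeholders.

```conf
# --- mods-available/ldap (symlinked into mods-enabled/) ---
ldap {
	# Constructed placeholders: replace with your directory's values.
	server   = 'ldap.example.org'
	identity = 'cn=radius-search,dc=example,dc=org'   # account used only to look up the user's DN
	password = 'CHANGE_ME'
	base_dn  = 'dc=example,dc=org'

	user {
		base_dn = "${..base_dn}"
		# The query that finds the user; User-Name is expanded per request.
		filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
	}

	# Bind-as-user sends the user's password to the directory,
	# so protect the LDAP connection.
	tls {
		start_tls    = yes
		ca_file      = '/etc/ssl/certs/example-ca.pem'
		require_cert = 'demand'
	}
}

# --- sites-available/default ---
authorize {
	# Look the user up; on success the module records the user's DN.
	ldap

	# Only requests carrying a cleartext User-Password (PAP) can be
	# checked with a bind, so select the ldap Auth-Type just for those.
	if ((ok || updated) && User-Password) {
		update control {
			Auth-Type := ldap
		}
	}
}

authenticate {
	# Bind to the directory as the user's DN with the supplied password.
	Auth-Type LDAP {
		ldap
	}
}
```

Running the server with `radiusd -X` shows the search filter after expansion and the result of the user bind for each request.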


