Porting ldap module configuration from 2.2.9 to 3.0.15

Fajar A. Nugraha list at fajar.net
Tue Sep 19 10:46:00 CEST 2017


On Tue, Sep 19, 2017 at 3:06 PM, Olivier <Olivier.Nicole at cs.ait.ac.th>
wrote:

> >> I need only authentication, but the authentication should be done inside
> >> LDAP, with a binding using the User-Name that is provided to FreeRadius
> >>
> >
> > ... which, to the best of my knowledge, the link pretty much tells you how you
> > can achieve that.
> >
> >
> >> but what LDAP tells me is that I am binding with no username.
> >>
> >>
> > Because it needs to fill Ldap-UserDN attribute.
> >
> > Did you read the link? Did you follow what it says to 'avoid the ldap
> > search completely'?
>
> Yes I did and I added:
>
> DEFAULT Ldap-UserDN := "uid=%{User-Name},ou=People,
> ou=csim,dc=cs,dc=ait,dc=ac,dc=th"
>
> in the file raddb/users. But it does not change the behaviour. Also, I
>

That is odd.

Try running freeradius in debug mode (with -X), test authentication from
client, and read the result (or post it here). What you should watch out
for:
- whether the files module is loaded and processed before the ldap module
- and whether Ldap-UserDN is correctly added
- what ldap module does


> am wondering, because the top of the file users mentions that
> # Configuration file for the rlm_files module.
>
>
Correct.

One module can affect others. In this case, if the wiki is correct, the
files module (rlm_files) can be used to add an attribute (Ldap-UserDN). If
that attribute is already present, ldap module will behave differently.

-- 
Fajar

