I would like to ldap bind with username instead of DN

Alan DeKok aland at deployingradius.com
Fri Jun 19 16:55:55 CEST 2020


On Jun 19, 2020, at 8:11 AM, Wessel Louwris <wessel at stutit.nl> wrote:
> 
> I would like to bind with the given username and skip the ldapsearch, so I implemented 
> 
> 	DEFAULT Ldap-UserDN := "%{User-Name}"
> 
> in my authorize file (as described on https://wiki.freeradius.org/modules/Rlm_ldap).
> Unfortunately this seems to be not enough because it’s still binding with the DN:
> 
> (6) ldap: Login attempt by "user at company.nl "

  It helps to show the FULL debug output.  You've deleted 99% of the output.  That means we don't know what else is going on.

> (6) ldap: Using user DN from request "uid= user,ou=Users,dc=example,dc=com"    # this is a wrong DN returned by ldapsearch
> (6) ldap: Waiting for bind result...
> (6) ldap: ERROR: Bind credentials incorrect: Invalid credentials

  My guess is that you're running the "files" module (which reads the users file) *after* the ldap module.

  Alan DeKok.



