A.L.M.Buxey@lboro.ac.uk wrote:
so, in previous release, in authorize, the 'ldap' call would set the authentication method to LDAP.....
*Sometimes*. If you configured the module to do that. For 2.x, it didn't always set "Auth-Type = LDAP"
in the new release I see the warning/text above the "Auth-Type LDAP" line... theres a conditional -ldap in authorize - which, if ldap module is correctly configured would still set authentication type?
No. It's in the "authorize" section. It will do LDAP authorization. Like grabbing the userPassword entry from LDAP.
I assume that the CORRECT and really OLY way that you should be doing things now is use ldap in authorize to pull out the password entry
Yes.
and then the Auth-Type PAP
Done by the PAP module.
part of authenicate kicks in and uses it....is that correct (because I cant see the PAP in authenticate kicking off a 'grab from LDAP' exercise... this means that the old 'check user in authorize' then 'check password in authenticate' model has been altered...
Yes. It's been altered for 4-5 years now. However, people don't tend to update their configurations. And third-party "howto's" don't get updated, either. Alan DeKok.