Thanks for the reply. I am new to FreeRadius and doing analysis on how to remove The "identity" and "password" attributes of LDAP module in radiusd.config and still be able to authenticate and authorize LDAP users. Is there any other option/configuration to avoid usernames and plain text passwords in the module ldap of radiusd.conf for authenticating and authorizing users of LDAP database ? I tried EAP-TLS method but didn't get proper result,can I use LDAP as database for EAP-TLS method,as one of forum answers is no http://freeradius.1045715.n5.nabble.com/EAP-TLS-LDAP-tt2750042.html#a2750045 I would like to use a certificate (admin) to bind to the LDAP database using FreeRadius because admin has the authority to traverse the LDAP tree. After binding using certificate i would like to Authenticate different users of LDAP using "radclient.exe -d ..\etc\raddb -f radtest.txt -x -s 127.0.0.1 auth testing1" if as per replies only LDAP simpile bind is possible ,how to compile OpenLDAP+SASL+FreeRadius on Windows only through cygwin ? or any other option please advice me I am wrong. Waiting for your inputs. Regards, Pramod On Wed, Apr 10, 2013 at 8:34 PM, Arran Cudbard-Bell < a.cudbardb@freeradius.org> wrote:
There are other ways to establish the trust between radiusd and LDAP beside simple binds which do not involve passwords. All of these use SASL in some form. Unfortunately rlm_ldap does not support them. I know Alan rewrote rlm_ldap recently for the upcoming 3.0 version, I don't know if SASL support was added or not. In any event this is an open source project and if you want this functionality then the usual mantra "Patches Welcome" applies.
No it wasn't.
-Arran
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html