13 Sep
2007
13 Sep
'07
1:14 a.m.
Ivan Lago wrote:
I had the same problem: the ldap module only sets Auth-Type if it do not add a cleartext password to config items (the line saying "rlm_ldap: Added password {CRYPT}XXXXXXXX in check items"). Cannot the password be stored in LDAP directly?
Yes, it can. But if you're telling the server about a "known good" password, it means that the *server* can authenticate the user. Setting "Auth-Type := LDAP" is unnecessary. In many, many, cases, it's also WRONG. Add the "pap" module to the "authorize" section. Alan DeKok.