23 Jul
2010
23 Jul
'10
2:59 p.m.
Tom Leach wrote:
To correct the bind problem, I added an ACL to the directory to allow 'uid=admin,o=radtree' to access the userPassword attribute, then configured the ldap module to use 'uid=admin,o=radtree' as the identity and 'secret' as the password. Now the bind succeeds, the -X output says that it's mapping userPassword -> Crypt-Password == "{crypt}4gOgBZqZgtwIw"
The "Crypt-Password" attribute is supposed to be the crypt'd version of the password *without* the "{crypt}" header. Change the mapping from "userPassword -> Crypt-Password" to "userPassword -> User-Password", and it will work. The PAP module will look for the "{crypt}" header, and create a Crypt-Password with the appropriate value. Alan DeKok.