13 Dec
2005
13 Dec
'05
4:23 p.m.
Derrick Woo wrote:
Hello Phil,
Thanks for your response. However as I had mentioned in my post, this particular LDAP server uses a person's username and password for binding. There is no service account and anonymous binds are not allowed. Commenting out identity and password did not work.
Am I out of luck here?
Ah, you don't want to search *at all*. Remove "ldap" from the authorize section, leave it in the "authenticate" section, and set: DEFAULT Ldap-UserDN := `uid=%{User-Name},ou=people,dc=company,dc=com` ...in the users file. (Adding the Ldap-UserDN is basically what the ldap module *does* in the authorize section). This is documented in doc/rlm_ldap