Hello Josip and thank you again for your response.

This is an orthogonal issue; you don't have to allow anyone to read the
value of the userPassword attribute, you just have to get the FR ldap
module to *bind* to the LDAP server with the username and password from
the request.
 
Ok, now I know.

This is log output for an anonymous bind in authorize section ("bind as /
to" means "bind as <no user>/<no password>"). What is the output for the
authenticated bind, that happens in the authenticate section?

There is no authenticated bind because Freeradius doesn't set Auth-Type and...

ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user 

Thanks

++ Ana Gallardo Gómez ++