On Thu, Aug 31, 2017 at 4:44 PM, Olivier <Olivier.Nicole@cs.ait.ac.th> wrote:
The first in in ldap module. In version 2, I did not define an identity nor a password and the binding to ldap server is made with the user name and password, effectively using ldap to authenticate the user.
With the version3, I see:
Aug 31 16:30:32 ldap slapd[550]: conn=60904 fd=107 ACCEPT from IP=192.41.170.3:37996 (IP=192.41.170.6:636) Aug 31 16:30:32 ldap slapd[550]: conn=60904 fd=107 TLS established tls_ssf=256 ssf=256 Aug 31 16:30:32 ldap slapd[550]: conn=60904 op=0 BIND dn="" method=128
where an anonymous bind is attempted (dn=""). I am not sure what has change in this regard between version 2 and 3, but I really need to replicate the same mechanism as in version 2, that is bind with the user name instead of going with some administrator account that would search in the ldap directory.
So you only want ldap for authentication, not authorization? Try https://wiki.freeradius.org/modules/Rlm_ldap#userdn-attribute -- Fajar