The configuration that work:
LDAP MODULE
ldap ldapPerson{
server = "xxx"
basedn = "ou=people,dc=unex,dc=es"
filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
ldap_connections_number = 5
timeout = 4
timelimit = 3
net_timeout = 1
tls {
start_tls = no
}
dictionary_mapping = ${confdir}/ldapPerson.attrmap
edir_account_policy_check = no
set_auth_type = yes
}
SERVER
server test{
authorize {
suffix
files
ldapPerson
expiration
update control {
Auth-Type := "LDAP"
}
}
authenticate {
Auth-Type LDAP {
ldapPerson
}
}
}
DEBUG
rad_recv: Access-Request packet from host x.x.x.x port 48259, id=145, length=58
User-Name = "
aigallardo@unex.es"
User-Password = "xxxx"
server test {
# Executing section authorize from file /etc/freeradius/sites-enabled/test
+- entering group authorize {...}
[suffix] Looking up realm "
unex.es" for User-Name = "
aigallardo@unex.es"
[suffix] Found realm "
unex.es"
[suffix] Adding Stripped-User-Name = "aigallardo"
[suffix] Adding Realm = "
unex.es"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[files] users: Matched entry DEFAULT at line 33
++[files] returns ok
[ldapPerson] performing user authorization for aigallardo
[ldapPerson] expand: %{Stripped-User-Name} -> aigallardo
[ldapPerson] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=aigallardo)
[ldapPerson] expand: ou=people,dc=unex,dc=es -> ou=people,dc=unex,dc=es
[ldapPerson] ldap_get_conn: Checking Id: 0
[ldapPerson] ldap_get_conn: Got Id: 0
[ldapPerson] attempting LDAP reconnection
[ldapPerson] (re)connect to x.x.x.x:389, authentication 0
[ldapPerson] bind as / to x.x.x.x:389
[ldapPerson] waiting for bind result ...
[ldapPerson] Bind was successful
[ldapPerson] performing search in ou=people,dc=unex,dc=es, with filter (uid=aigallardo)
[ldapPerson] No default NMAS login sequence
[ldapPerson] looking for check items in directory...
[ldapPerson] looking for reply items in directory...
[ldapPerson] gecos -> Nombre-Completo = "Ana-Isabel Gallardo Gomez..."
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldapPerson] user aigallardo authorized to use remote access
[ldapPerson] ldap_release_conn: Release Id: 0
++[ldapPerson] returns ok
++[expiration] returns noop
++[control] returns noop
Found Auth-Type = LDAP
# Executing group from file /etc/freeradius/sites-enabled/test
+- entering group LDAP {...}
[ldapPerson] login attempt by "aigallardo" with password "xxxx"
[ldapPerson] user DN: uid=aigallardo,ou=People,dc=unex,dc=es
[ldapPerson] (re)connect to x.x.x.x:389, authentication 1
[ldapPerson] bind as uid=aigallardo,ou=People,dc=unex,dc=es/xxxxx to x.x.x.x:389
[ldapPerson] waiting for bind result ...
[ldapPerson] Bind was successful
[ldapPerson] user aigallardo authenticated succesfully
++[ldapPerson] returns ok
} # server test
Sending Access-Accept of id 145 to x.x.x.x port 48259
Nombre-Completo = "Ana-Isabel Gallardo Gomez..."