Hi,
As user laurence I am able to search, so the root now binds, however laurence does not authenticate. I am able to connect via ssh via ldap server etc.
and the debug log shows....
auth: type "LDAP" Processing the authenticate section of radiusd.conf modcall: entering group LDAP for request 0 rlm_ldap: - authenticate rlm_ldap: login attempt by "laurence" with password "xxxx" rlm_ldap: user DN: cn=Laurence Mayer,ou=people,dc=istraresearch,dc=com rlm_ldap: (re)connect to 127.0.0.1:389, authentication 1 rlm_ldap: could not set LDAP_OPT_X_TLS_REQUIRE_CERT option to allow rlm_ldap: bind as cn=Laurence Mayer,ou=people,dc=istraresearch,dc=com/xxxx to 127.0.0.1:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind failed with invalid credentials modcall[authenticate]: module "ldap" returns reject for request 0 modcall: leaving group LDAP (returns reject) for request 0 auth: Failed to validate the user.
thats fairly obvious. this auth is still binding as cn=Laurence..... and unable to. change this binding operation to some level that can. reason why this part fails is this bind for authenticate is asking for some more sensitive details (password!) whereas the authorize is just doing a value/check comparison to see if they are allowed to the resources. alan