9 Dec
2005
9 Dec
'05
3:55 p.m.
On Fri, 9 Dec 2005, Dusty Doris wrote:
From reading debug logs, am I correct in concluding that rlm_ldap's
Correct, as the default behavior?
Sounds right to me.
I have to ask then: If on the authorization stage, the module can read (and cache) the entire DN's attribute set (actually, any DN in the LDAP), why does it need to use a "re-connect as the user" method for authentication? If the password in cleartext, comparison is easy. If it's in SSHA/SHA/MD5/blowfish/crypt, then the comparison can happen against those algorithms. ~BAS
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html