FR3.0 and LDAP

A.L.M.Buxey at A.L.M.Buxey at
Mon Aug 12 21:51:47 CEST 2013


>   Nope.  You're supposed to let LDAP be a database, and FreeRADIUS be an
> authentication server.

so, in previous release, in authorize, the 'ldap' call would
set the authentication method to LDAP.....  in the new release
I see the warning/text above the "Auth-Type LDAP" line... theres
a conditional -ldap in authorize - which, if ldap module is correctly
configured would still set authentication type?  

I assume that the CORRECT and really OLY way that you should be doing
things now is use ldap in authorize to pull out the password
entry and then the Auth-Type PAP part of authenicate kicks in and uses that correct (because I cant see the PAP in authenticate
kicking off a 'grab from LDAP' exercise... this means that the old
'check user in authorize' then 'check password in authenticate'
model has been altered...


More information about the Freeradius-Devel mailing list