FR3.0 and LDAP
Alan DeKok
aland at deployingradius.com
Mon Aug 12 21:56:29 CEST 2013
A.L.M.Buxey at lboro.ac.uk wrote:
> so, in previous release, in authorize, the 'ldap' call would
> set the authentication method to LDAP.....
*Sometimes*. If you configured the module to do that. For 2.x, it
didn't always set "Auth-Type = LDAP"
> in the new release
> I see the warning/text above the "Auth-Type LDAP" line... theres
> a conditional -ldap in authorize - which, if ldap module is correctly
> configured would still set authentication type?
No. It's in the "authorize" section. It will do LDAP authorization.
Like grabbing the userPassword entry from LDAP.
> I assume that the CORRECT and really OLY way that you should be doing
> things now is use ldap in authorize to pull out the password
> entry
Yes.
> and then the Auth-Type PAP
Done by the PAP module.
> part of authenicate kicks in and uses
> it....is that correct (because I cant see the PAP in authenticate
> kicking off a 'grab from LDAP' exercise... this means that the old
> 'check user in authorize' then 'check password in authenticate'
> model has been altered...
Yes. It's been altered for 4-5 years now.
However, people don't tend to update their configurations. And
third-party "howto's" don't get updated, either.
Alan DeKok.
More information about the Freeradius-Devel
mailing list