FR3.0 and LDAP

Arran Cudbard-Bell a.cudbardb at
Tue Aug 13 10:50:18 CEST 2013

On 13 Aug 2013, at 09:48, Maja Wolniewicz <mgw at> wrote:

> W dniu 13.08.2013 10:41, A.L.M.Buxey at pisze:
>> Hi,
>>> Our freeradius server uses a few of LDAP databases (depending on the
>>> realm) and not all of them are under our control.
>> use different ldap modules for different realms? 
>> if (%{realm} == "specialone\.pl") {
>> 	ldap-specialone
>> 	}
>> etc ?
> but there is no way to use the LDAP database in FR3.0 without enabling
> read access to a password attribute.

Of course there is. The authenticate method of the ldap module does bind as user.  The success of the bind is an indication of whether authentication succeeded.  You need a cleartext copy of the password from the user though.

Arran Cudbard-Bell <a.cudbardb at>
FreeRADIUS Development Team

More information about the Freeradius-Devel mailing list