FR3.0 and LDAP

Arran Cudbard-Bell a.cudbardb at freeradius.org
Tue Aug 13 10:50:18 CEST 2013


On 13 Aug 2013, at 09:48, Maja Wolniewicz <mgw at umk.pl> wrote:

> 
> W dniu 13.08.2013 10:41, A.L.M.Buxey at lboro.ac.uk pisze:
>> Hi,
>> 
>>> Our freeradius server uses a few of LDAP databases (depending on the
>>> realm) and not all of them are under our control.
>> use different ldap modules for different realms? 
>> 
>> if (%{realm} == "specialone\.pl") {
>> 	ldap-specialone
>> 	}
>> 
>> 
>> etc ?
> but there is no way to use the LDAP database in FR3.0 without enabling
> read access to a password attribute.

Of course there is. The authenticate method of the ldap module does bind as user.  The success of the bind is an indication of whether authentication succeeded.  You need a cleartext copy of the password from the user though.

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team



More information about the Freeradius-Devel mailing list