LDAP: Variables in "identity" setting

Derrick Woo dpywoo at gmail.com
Tue Dec 13 18:18:01 CET 2005


The LDAP server we have set up is used to authenticate users based on their
username and password.  If I were to query from the (Linux) command line
using ldapsearch, the query would appear as follows:

ldapsearch -x -h ldap.domain.com -b ou=ldap,o=domain.com -D uid=XXX,ou=it,o=domain.com -w 'YYY'

Where XXX is a person's username and YYY is their password.  That means a
person can only query their own information and not anyone else's (unless, of
course, they have someone else's username and password).

From what I can see, it doesn't appear as though the %{User-Name} variable
can be used within the "identity" setting in FreeRADIUS 1.0.1.  If that's
correct, does it mean FreeRADIUS won't be able to be used for this
particular setup?  If I hardcode a test username and password in the
configuration as follows:

server = "ldap.domain.com"
identity = "uid=XXX,ou=it,o=domain.com"
password = 'YYY'
basedn = "ou=ldap,o=domain.com"

it binds correctly.  However, for our particular setup, both the username
and password used to bind to the server need to be variable at run time.