LDAP: Variables in "identity" setting
Phil Mayers
p.mayers at imperial.ac.uk
Tue Dec 13 22:23:59 CET 2005
Derrick Woo wrote:
> Hello Phil,
>
> Thanks for your response. However as I had mentioned in my post, this
> particular LDAP server uses a person's username and password for
> binding. There is no service account and anonymous binds are not
> allowed. Commenting out identity and password did not work.
>
> Am I out of luck here?

Ah, you don't want to search *at all*. Remove "ldap" from the authorize
section, leave it in the "authenticate" section, and set:

DEFAULT Ldap-UserDN := `uid=%{User-Name},ou=people,dc=company,dc=com`

...in the users file. (Adding the Ldap-UserDN is basically what the ldap
module *does* in the authorize section). This is documented in doc/rlm_ldap
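
An added example, not part of the original message and not FreeRADIUS code: it shows in Python how the `%{User-Name}` template above becomes the bind DN, with the name escaped per RFC 4514 so that it stays inside the uid RDN. The function names are hypothetical and the sample names are constructed.

```python
# Added illustration: stand-in for expanding the users-file template.
TEMPLATE = "uid=%{User-Name},ou=people,dc=company,dc=com"  # from the post
SPECIAL = set('"+,;<>\\')  # characters RFC 4514 requires escaping in a value


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514, section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in SPECIAL:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:          # leading '#'
            out.append("\\#")
        elif ch == " " and i in (0, last):  # leading or trailing space
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def user_dn(user_name: str, template: str = TEMPLATE) -> str:
    """Build the DN that the user's own password will be bound against."""
    if not user_name:
        raise ValueError("empty User-Name")
    return template.replace("%{User-Name}", escape_rdn_value(user_name))


def split_rdns(dn: str) -> list:
    """Split a DN on unescaped commas, to check how many RDNs it has."""
    parts, cur, esc = [], [], False
    for ch in dn:
        if esc:
            cur.append(ch)
            esc = False
        elif ch == "\\":
            cur.append(ch)
            esc = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return parts
```

The template has four RDNs, so `split_rdns(user_dn(name))` should return four parts for any name; a different count means the name changed the DN's structure.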