LDAP: Variables in "identity" setting

Derrick Woo dpywoo at gmail.com
Wed Dec 14 18:26:40 CET 2005


Hello Phil,

I've removed "ldap" from the authorize section now, but now it's not even
connecting to the ldap server.  Am I overlooking something?

Thank you for your help.  It's greatly appreciated.

Derrick

On 12/13/05, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>
> Derrick Woo wrote:
> > Hello Phil,
> >
> > Thanks for your response.  However as I had mentioned in my post, this
> > particular LDAP server uses a person's username and password for
> > binding.  There is no service account and anonymous binds are not
> > allowed.  Commenting out identity and password did not work.
> >
> > Am I out of luck here?
>
> Ah, you don't want to search *at all*. Remove "ldap" from the authorize
> section, leave it in the "authenticate" section, and set:
>
> DEFAULT Ldap-UserDN := `uid=%{User-Name},ou=people,dc=company,dc=com`
>
> ...in the users file. (Adding the Ldap-UserDN is basically what the ldap
> module *does* in the authorize section). This is documented in doc/rlm_ldap
>
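
The layout described in the quoted reply, written out as an added example that is not part of either message or of the FreeRADIUS documentation. The `Auth-Type := LDAP` check item is an assumption added here: the ldap module normally sets Auth-Type itself when it runs in the authorize section, so once it is removed from there, nothing else selects the LDAP block in authenticate.

```conf
# radiusd.conf (only the two sections discussed in the thread)
authorize {
	preprocess
	files        # reads the users file; "ldap" is not listed, so no search is done
}

authenticate {
	Auth-Type LDAP {
		ldap     # binds as Ldap-UserDN using the password the user supplied
	}
}

# users file
# The Ldap-UserDN value is the one quoted in the thread.
# Auth-Type := LDAP is the assumption described above, not something
# either poster wrote.
DEFAULT Auth-Type := LDAP, Ldap-UserDN := `uid=%{User-Name},ou=people,dc=company,dc=com`
```

Running the server in debug mode (`radiusd -X`) shows which Auth-Type was chosen for a request and whether the ldap module attempted the bind.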