Freeradius and LDAP : to be continued

Thu Dec 15 18:18:12 CET 2005

Frank Bonnet wrote:

> Hello
>
> I have a chillispot that works with OpenLDAP
> on a Debian box

Strictly the same thing I want to achieve indeed ! ;-)
How are your password in your LDAP ? (clear ? hash form ?)

Moreover, except this configuration of the ldap remote server, what did 
you put in authorize and authentificate section ?
What did you put in the ldap.attrmap, only the mapping of the user 
password ?

I must admit I am loosing my common sense here :-)

>
> here are the modifications in radiusd.conf I wrote
>
> # Lightweight Directory Access Protocol (LDAP)
>         #
>         #  This module definition allows you to use LDAP for
>         #  authorization and authentication (Auth-Type := LDAP)
>         #
>         #  See doc/rlm_ldap for description of configuration options
>         #  and sample authorize{} and authenticate{} blocks
>         ldap {
>                 server = "your.ldap.server"
>                 basedn = "ou=Person,dc=domain,dc="
>                 #filter = "(posixAccount)(uid=%u))"
>                 filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
>                 # base_filter = "(objectclass=radiusprofile)"
>                 access_attr = "uid"
>
>                 # Mapping of RADIUS dictionary attributes to LDAP
>                 # directory attributes.
>                 dictionary_mapping = ${raddbdir}/ldap.attrmap
>                 ldap_connections_number = 5
>
>
> hope this helps

-- 
Christophe Gravier
Laboratoire DIOM, groupe SATIn - Doctorant
ISTASE - Ingénieur d'études
Perso: http://perso.univ-st-etienne.fr/gravchri/
SATIn: http://www.istase.com/satin
Tel : 04 7748 5034
A mediter: http://www.fsffrance.org/news/article2005-11-25.fr.html