LDAP authentication

Vladimir Vuksan vlists at veus.hr
Wed Jul 13 03:48:59 CEST 2005


Florin Andrei wrote:

>To be more precise, authentication happens during the LDAP Bind request.
>Subsequent searches are irrelevant.
>
>Can freeradius do the same? I.e., wait for a username / password request
>from a client, bind to the LDAP server using the supplied password (and
>passing the username with the DN line) and report success/failure to the
>Radius client based on the success/failure of the LDAP Bind transaction.

Yes. Please check out

http://vuksan.com/linux/dot1x/802-1x-LDAP.html#Set_up_FreeRADIUS

The only difference in the config for you is that you will exclude the following 
two lines

                identity = "uid=onex,cn=users,dc=cs,dc=school,dc=edu"
                password = "oursecret"

i.e.

ldap ldap_1x {
                server = "ldap1.cs.school.edu"
                basedn = "dc=cs,dc=school,dc=edu"

                base_filter = "(objectclass=radiusprofile)"
                start_tls = yes
                # This is your Certificate Authority (CA) certificate
                tls_cacertfile = /etc/ldap/csca.crt
                tls_require_cert = "demand"
                access_attr = "radiusFilterId"
                dictionary_mapping = ${raddbdir}/ldap.attrmap
                authtype = ldap

                ldap_connections_number = 5
                timeout = 4
                timelimit = 3
                net_timeout = 1
}


Hope this helps,
Vladimir
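The flow discussed in this thread, modelled as an added example (this is not FreeRADIUS or rlm_ldap code): look the username up under basedn, bind as that user's DN with the password the RADIUS client supplied, and turn the bind result into Access-Accept or Access-Reject. The base DN, the objectclass from base_filter and the radiusFilterId access attribute are taken from the posted config; the in-memory directory, its user entries and their passwords are constructed sample data. The empty-password check is an assumption about what the RADIUS side should do, because an LDAP simple bind with an empty password is treated as an anonymous bind (RFC 4513, section 5.1.2) and succeeds instead of failing; a front end that only looks at bind success would otherwise accept blank passwords. The filter escaping follows RFC 4515 so a username cannot change the search filter.

```python
"""Model of a RADIUS-to-LDAP 'bind as the user' authentication decision.

Added example, not FreeRADIUS/rlm_ldap source.  FakeDirectory stands in for
the LDAP server; in a real deployment the same steps run over StartTLS so the
password in the simple bind is not sent in the clear.
"""
from dataclasses import dataclass, field

BASE_DN = "dc=cs,dc=school,dc=edu"   # basedn from the posted config
USER_CLASS = "radiusprofile"         # objectclass from base_filter
ACCESS_ATTR = "radiusFilterId"       # access_attr from the posted config


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping: special characters become \\xx hex escapes."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch
                   for ch in value)


def build_filter(username: str) -> str:
    """Search filter combining base_filter with the (escaped) username."""
    return f"(&(objectclass={USER_CLASS})(uid={escape_filter_value(username)}))"


@dataclass
class FakeDirectory:
    """Constructed stand-in for an LDAP server.

    entries maps DN -> attributes; passwords maps DN -> password.  bind()
    reproduces the RFC 4513 rule that a simple bind with an empty password
    is an *anonymous* bind, i.e. it does not fail.
    """
    entries: dict = field(default_factory=dict)
    passwords: dict = field(default_factory=dict)

    def search(self, username: str, base: str) -> list:
        """DNs under `base` whose objectclass and uid match the filter."""
        return [dn for dn, attrs in self.entries.items()
                if dn.endswith(base)
                and USER_CLASS in attrs.get("objectclass", [])
                and attrs.get("uid") == username]

    def bind(self, dn: str, password: str) -> str:
        """Return 'authenticated', 'anonymous' or 'invalid'."""
        if password == "":
            return "anonymous"        # unauthenticated bind, RFC 4513 5.1.2
        if self.passwords.get(dn) == password:
            return "authenticated"
        return "invalid"


def radius_ldap_auth(directory: FakeDirectory, username: str, password: str) -> dict:
    """Decide Access-Accept / Access-Reject from a bind as the user.

    No service-account identity/password is involved: the user's own
    credentials are what the bind is performed with.
    """
    # 1. Reject empty passwords before touching LDAP (assumed extra check):
    #    the server would answer an empty simple bind with success-as-anonymous.
    if password == "":
        return {"result": "Access-Reject", "reason": "empty password"}
    # 2. Find exactly one DN for the username under basedn.
    dns = directory.search(username, BASE_DN)
    if len(dns) != 1:
        return {"result": "Access-Reject", "reason": "user not found or ambiguous",
                "filter": build_filter(username)}
    dn = dns[0]
    # 3. Bind as that DN; the LDAP server verifies the password.
    if directory.bind(dn, password) != "authenticated":
        return {"result": "Access-Reject", "reason": "bind failed", "dn": dn}
    # 4. access_attr: the entry must carry the attribute to be let in
    #    (modelled as 'present means allowed'; an assumption of this example).
    if ACCESS_ATTR not in directory.entries[dn]:
        return {"result": "Access-Reject", "reason": f"{ACCESS_ATTR} missing", "dn": dn}
    return {"result": "Access-Accept", "dn": dn}


ALICE_DN = "uid=alice,cn=users," + BASE_DN
BOB_DN = "uid=bob,cn=users," + BASE_DN

# Constructed sample directory: alice may use RADIUS, bob lacks the attribute.
SAMPLE = FakeDirectory(
    entries={
        ALICE_DN: {"objectclass": [USER_CLASS], "uid": "alice", ACCESS_ATTR: "staff"},
        BOB_DN: {"objectclass": [USER_CLASS], "uid": "bob"},
    },
    passwords={ALICE_DN: "correct-horse", BOB_DN: "hunter2"},
)

if __name__ == "__main__":
    for user, pw in [("alice", "correct-horse"), ("alice", "wrong"),
                     ("alice", ""), ("bob", "hunter2"), ("carol", "x")]:
        print(user, repr(pw), "->", radius_ldap_auth(SAMPLE, user, pw))
```

Step 1 is the part worth keeping in mind when wiring a RADIUS server straight to LDAP binds: the directory itself will not fail an empty-password bind, so the caller has to refuse it.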
