Configuring LDAP for query ONLY...
Phil Mayers
p.mayers at imperial.ac.uk
Tue Dec 4 18:54:36 CET 2007
Eric Martell wrote:
> Hi,
> Is it possible to altogether avoid authenticate
> section and just do ldap lookups in the authorize
> section?
>
> authorize {
> ldap {
> notfound = reject
> }
> }
>
> The problem is in the authenticate section, radius
> gets the userDN from the authorize and tries to "bind"
> ldap with password which we don't have.
>
> I also tried in users file
> Ldap-UserDN := `cn=Manager,dc=eng,dc=com/answer2`
Assuming you are using a recent version of FreeRadius, you can do one of
the following:
modules {
ldap {
...
set_auth_type = no
}
}
authorize {
preprocess
ldap
pap
}
authenticate {
Auth-Type PAP {
pap
}
}
More information about the Freeradius-Users
mailing list