rlm_ldap and auto_header
Alan DeKok
aland at deployingradius.com
Tue Nov 11 10:55:32 CET 2008
Tim Palmer wrote:
> With 2.1.1, I had no trouble getting rlm_ldap to connect to my OpenLDAP
> server, and after putting in a Cleartext-Password entry in
> ldap.attrsmap,
That's the issue. DON'T do that.
> rlm_ldap would authorize fine, and everything seemed ok,
> except I couldn't get pap to understand the encryption scheme:
>
> [pap] Found existing Auth-Type, not changing it.
> ++[pap] returns noop
> Found Auth-Type = PAP
> +- entering group PAP {...}
> [pap] login attempt with password "testing"
> [pap] Using clear text password "{crypt}$1$Moq9XEC8$PRA5/NGFUrskxI52Nv8rm."
Because you told it that the userPassword LDAP field was a clear-text
password. The PAP module is *supposed* to do the "auto-header" thing
itself. It can't, because you told it that the above text WAS the password.
> Is it only some odd ball, simplistic configurations like mine that this
> should be required? I was unable to find any mention of this as an ldap
> module setting except in rlm_ldap.c, which I didn't think to look in
> until after the fact.
The LDAP auto-header configuration is deprecated. The PAP module is
supposed to do that work now.
Alan DeKok.
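
Added example, not part of the original message and not FreeRADIUS code: a Python sketch of the "auto-header" idea, showing why a header-prefixed userPassword value fails when the whole string is labelled as the clear-text password, and how reading the header selects the right comparison. The function names, the header subset and the constructed {SSHA} value are assumptions made for this illustration; {crypt} is recognised but not verified here.

```python
import base64
import hashlib
import hmac
import re

# Subset of password headers and the FreeRADIUS attribute each one implies
# (illustrative table for this example, not copied from rlm_pap).
HEADER_TO_ATTR = {
    "clear": "Cleartext-Password",
    "crypt": "Crypt-Password",
    "sha": "SHA-Password",
    "ssha": "SSHA-Password",
}
_HEADER = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)


def split_header(stored):
    """Return (attribute, value); (None, stored) if no known header is present."""
    m = _HEADER.match(stored)
    attr = HEADER_TO_ATTR.get(m.group(1).lower()) if m else None
    return (attr, m.group(2)) if attr else (None, stored)


def check_as_cleartext(stored, supplied):
    """What happens when the whole LDAP value is labelled Cleartext-Password."""
    return hmac.compare_digest(stored.encode(), supplied.encode())


def check_with_header(stored, supplied):
    """Pick the comparison from the header (clear, SHA and SSHA only here)."""
    attr, value = split_header(stored)
    pw = supplied.encode()
    if attr == "Cleartext-Password":
        return hmac.compare_digest(value.encode(), pw)
    if attr in ("SHA-Password", "SSHA-Password"):
        raw = base64.b64decode(value)
        digest, salt = raw[:20], raw[20:]  # SHA-1 digest, then optional salt
        return hmac.compare_digest(hashlib.sha1(pw + salt).digest(), digest)
    raise NotImplementedError(f"no verifier in this example for {attr}")


def make_ssha(password, salt):
    """Build a constructed {SSHA} value for the demonstration."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


if __name__ == "__main__":
    from_log = "{crypt}$1$Moq9XEC8$PRA5/NGFUrskxI52Nv8rm."  # value from the debug log
    print(split_header(from_log), check_as_cleartext(from_log, "testing"))
    made = make_ssha("testing", b"\x01\x02\x03\x04")  # constructed sample
    print(check_as_cleartext(made, "testing"), check_with_header(made, "testing"))
```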