Bind to ldap with the current authenticated user
Arran Cudbard-Bell
a.cudbard-bell at sussex.ac.uk
Sun Nov 23 22:16:17 CET 2008
Alan DeKok wrote:
> Ram Akuka wrote:
>
>> Hi,
>> I am trying to bind to the LDAP server with the current auth user.
>>
>
> You don't need to change anything to do that. Just make sure LDAP is
> being used for authentication, and it will automatically "bind as user".
>
> If you want to do "bind as user" to get authorization parameters, this
> is wrong.
>
>
>> so i added the following to the ldap module:
>>
>> identity = "uid=%{Stripped-User-Name:-%{User-Name}},ou=people,o=XXX,o=XXX"
>> password = "%{%{User-Password}:-%{Chap-Password}}"
>>
>
> This is *totally* broken. For one reason, the CHAP authentication
> method is *not* a password you can use to bind to ldap.
>
>
>> Can someone help me here and tell me what I am doing wrong here?
>>
>
> Leave the "identity" and "password" fields in the LDAP configuration
> as the value for a read-only administrative user.
>
>
The LDAP module can do authentication in two ways. Either you bind as
the administrator, look up the password hashes/password in the LDAP
directory, hash the value of User-Password and do a comparison, or
you bind as the user and reject/accept the user on the result of the bind.
Which one are you attempting to do here?
Arran
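
The two modes described above, and the reason a CHAP-Password value cannot serve as a bind password, shown as an added example that is not part of the original message and is not FreeRADIUS code. The password, salt, challenge and the `{SSHA}` directory value are constructed sample data, and `check_ssha` is assumed to stand in for both the server-side hash comparison and the check an LDAP server performs on a simple bind.

```python
import base64
import hashlib
import hmac

def make_ssha(password: bytes, salt: bytes) -> str:
    """Build an LDAP {SSHA} userPassword value: base64(SHA1(pw + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(stored: str, candidate: bytes) -> bool:
    """Hash the presented value with the stored salt and compare digests."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(candidate + salt).digest(), digest)

def chap_password(ident: int, password: bytes, challenge: bytes) -> bytes:
    """RADIUS CHAP-Password: 1-byte ident + MD5(ident + password + challenge)."""
    head = bytes([ident])
    return head + hashlib.md5(head + password + challenge).digest()

def check_chap(attr: bytes, challenge: bytes, cleartext: bytes) -> bool:
    """CHAP is only verifiable by a party that holds the cleartext password."""
    return hmac.compare_digest(attr, chap_password(attr[0], cleartext, challenge))

# Constructed sample data (not taken from the thread).
PASSWORD = b"s3cret-example"
SALT = bytes.fromhex("0102030405060708")
CHALLENGE = bytes(range(16))
HASHED_ENTRY = make_ssha(PASSWORD, SALT)           # directory holds only a hash
CHAP_ATTR = chap_password(7, PASSWORD, CHALLENGE)  # what a CHAP client sends

def demo() -> dict:
    return {
        # PAP: User-Password is cleartext, so hash-and-compare (or a bind) works.
        "pap_hash_compare": check_ssha(HASHED_ENTRY, PASSWORD),
        # CHAP-Password is a one-way response, not the password: it never matches.
        "chap_value_as_bind_password": check_ssha(HASHED_ENTRY, CHAP_ATTR),
        # CHAP works only when the lookup returns the cleartext password.
        "chap_with_cleartext_lookup": check_chap(CHAP_ATTR, CHALLENGE, PASSWORD),
        "chap_with_wrong_cleartext": check_chap(CHAP_ATTR, CHALLENGE, b"wrong"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```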