AP> FR> LDAP authentication reject

Olivier Beytrison olivier at heliosnet.org
Fri Dec 28 08:52:08 CET 2012

On 28.12.2012 08:39, Thanakorn Rattanatikul wrote:
> In LDAP server , for user "sun" , store password in clear-text in this test
So if you have a clear-text password in the ldap, use the ldap
attribute-map to add it in the control list. Looking at the logs I guess
you are running version 2.x, then you should have a file called
/etc/raddb/ldap.attrmap, add a line with

checkitem	Cleartext-Password		<your-ldap-attribute>

And reference the ldap.attrmap in the ldap module (if not already done)

dictionary_mapping = ${confdir}/ldap.attrmap

And finally you need to ensure that the user defined in the ldap module
(identity) has sufficient rights in the LDAP to retrieve the attribute
containing the clear text password.


 Olivier Beytrison
 Network & Security Engineer, HES-SO Fribourg
 Mobile: +41 (0)78 619 73 53
 Mail: olivier at heliosnet.org

More information about the Freeradius-Users mailing list