AP> FR> LDAP authentication reject
Olivier Beytrison
olivier at heliosnet.org
Fri Dec 28 08:52:08 CET 2012
On 28.12.2012 08:39, Thanakorn Rattanatikul wrote:
> In LDAP server, for user "sun", store password in clear-text in this test

So if you have a clear-text password in the LDAP, use the ldap
attribute-map to add it in the control list. Looking at the logs, I guess
you are running version 2.x, so you should have a file called
/etc/raddb/ldap.attrmap. Add a line with:

	checkitem Cleartext-Password <your-ldap-attribute>

And reference the ldap.attrmap in the ldap module (if not already done):

	dictionary_mapping = ${confdir}/ldap.attrmap

And finally you need to ensure that the user defined in the ldap module
(identity) has sufficient rights in the LDAP to retrieve the attribute
containing the clear text password.

Olivier
--
Olivier Beytrison
Network & Security Engineer, HES-SO Fribourg
Mobile: +41 (0)78 619 73 53
Mail: olivier at heliosnet.org
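
Added example, not part of Olivier's message or of FreeRADIUS: a static check that the Cleartext-Password mapping and the dictionary_mapping reference described in the reply are both present, followed by the ldapsearch query to run by hand as the module's identity. The sample files, the attribute name userPassword, the bind DN, the uid filter and the <basedn> placeholder are constructed assumptions; the item type is matched case-insensitively so both spellings are accepted.

```shell
#!/bin/sh
# Static check of the two FreeRADIUS 2.x settings from the reply (added example).

# Print the LDAP attribute mapped to Cleartext-Password as a check item.
# Returns 1 when no uncommented mapping line exists.
mapped_password_attr() {
    awk 'tolower($1) == "checkitem" && $2 == "Cleartext-Password" && NF >= 3 {
             print $3; found = 1; exit }
         END { exit !found }' "$1"
}

# Succeed when the ldap module has an uncommented dictionary_mapping
# that points at a file named ldap.attrmap.
module_references_attrmap() {
    grep -Eq '^[[:space:]]*dictionary_mapping[[:space:]]*=[^#]*ldap\.attrmap' "$1"
}

# Print the bind DN configured as "identity" in the ldap module.
module_identity() {
    sed -n 's/^[[:space:]]*identity[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Run both checks, then print the query to run by hand as the identity.
check_ldap_cleartext() {
    attr=$(mapped_password_attr "$1") || { echo "FAIL: no Cleartext-Password checkItem in $1"; return 1; }
    module_references_attrmap "$2" || { echo "FAIL: dictionary_mapping not set in $2"; return 1; }
    echo "OK: Cleartext-Password <- $attr"
    echo "Verify read access: ldapsearch -x -D \"$(module_identity "$2")\" -W -b <basedn> \"(uid=sun)\" $attr"
}

# Constructed sample files (attribute name, DN and password are made up).
demo=$(mktemp -d)
cat > "$demo/ldap.attrmap" <<'EOF'
#checkItem  Cleartext-Password  oldPasswordAttr
checkItem   Cleartext-Password  userPassword
replyItem   Session-Timeout     radiusSessionTimeout
EOF
cat > "$demo/ldap" <<'EOF'
ldap {
    identity = "cn=radius,dc=example,dc=org"
    password = placeholder
    dictionary_mapping = ${confdir}/ldap.attrmap
}
EOF
check_ldap_cleartext "$demo/ldap.attrmap" "$demo/ldap"
```

If the printed ldapsearch query returns the entry without the password attribute, the bind DN lacks read access to it in the directory.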