Radius integration with LDAP (SASL)

Phil Mayers p.mayers at imperial.ac.uk
Tue Jan 17 15:13:46 CET 2012

On 17/01/12 14:04, Alan DeKok wrote:
> vijay t wrote:
>> Please note am "using SASL on my LDAP"... If i create a user in ldap (eg
>> 101821 ) server itself i am able to authenticate the user( Please see
>> the debug output "1") . Am facing problem only for those users whom am
>> using SASL mechanism for userPassword (Please see the debug output "2" )
>    And again, the debug output tells you what is going wrong.  Read it.
>    {SASL}... is NOT the users clear-text password.

IIRC that's a special value that OpenLDAP uses; "{SASL}username" tells 
OpenLDAP to use the SASL library, with the username after the } and the 
password given in the bind request.

So, he's using LDAP as an oracle to talk to an oracle. Maybe there's 
another oracle in there somewhere...

I guess he needs to set "Auth-Type"... I don't know why people construct 
these Heath Robinson systems that make their lives difficult!

More information about the Freeradius-Users mailing list