Re: FR 3.x | rlm_ldap | bind as user?

Arran Cudbard-Bell a.cudbardb at freeradius.org
Thu Feb 13 17:26:55 CET 2014


On 13 Feb 2014, at 15:45, Erwann Thoraval <erwann.thoraval at mines-paristech.fr> wrote:

> Hello list,
> 
> With FR 2.2.0 (Fedora 18), my users are authenticated using "bind as user" from rlm_ldap (EAP/TTLS-PAP).
> 
> However, I am not able to have the same behaviour with FR 3.0.1 (Fedora 20). I didn't copy my old ldap configuration from 2.2 to 3.0, but created a new one from the sample file.
> 
> Is it still possible to authenticate with ldap "bind as user" in FR 3.0? Or do I need to provide an admin account to rlm_ldap for browsing into the ldap database?

Yep, but you need to set the auth method manually.

authorize {
	ldap
	if (ok && User-Password) {
		update control {
			Auth-Type := ldap
		}
	}
}

authenticate {
	Auth-Type ldap {
		ldap
	}
}

There's no toggle for doing this from within the LDAP module anymore.

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
