freeradius-3.0.1 ldap authenticate

stefan.paetow at diamond.ac.uk stefan.paetow at diamond.ac.uk
Wed Feb 26 14:47:56 CET 2014


>   People should avoid "Auth-Type = ldap".  The ONLY reason to use it is
> for Active Directory, when the request has User-Password.  For all
> other LDAP directories, FreeRADIUS should just grab the password from
> LDAP, and do the authentication itself.

However, it should be properly documented for those who do not wish for FR to have the password, and rather use the bind method instead.

I'm with Alan B. on this. If the LDAP bind method is clearly documented (even if it's just a "if you don't want FR to have the password and want to use bind, see this URL for more info" comment in the authorize and authenticate sections), then chances are that there will be less requests on the mailing list for help with how to authenticate against LDAP (except for those who don't bother reading the configuration files or the Wiki for that matter).

JMHO.

Stefan


-- 
This e-mail and any attachments may contain confidential, copyright and or privileged material, and are for the use of the intended addressee only. If you are not the intended addressee or an authorised recipient of the addressee please notify us of receipt by returning the e-mail and do not use, copy, retain, distribute or disclose the information in or attached to the e-mail.
Any opinions expressed within this e-mail are those of the individual and not necessarily of Diamond Light Source Ltd. 
Diamond Light Source Ltd. cannot guarantee that this e-mail or any attachments are free from viruses and we cannot accept liability for any damage which you may sustain as a result of software viruses which may be transmitted in or with the message.
Diamond Light Source Limited (company no. 4375679). Registered in England and Wales with its registered office at Diamond House, Harwell Science and Innovation Campus, Didcot, Oxfordshire, OX11 0DE, United Kingdom
 





More information about the Freeradius-Users mailing list