rlm_ldap + bind as user authentication

Stefan Paetow Stefan.Paetow at ja.net
Thu Jul 17 18:48:36 CEST 2014


Oh, and I just realised... If I'm using EAP-GTC as the inner type in an EAP conversation, I only need to replace the 'pap' in Auth-Type PAP (in the authenticate section) with 'ldap' and it binds ok.

But - Is that the recommended way of doing it?

With Regards

Stefan


From: freeradius-users-bounces+stefan.paetow=ja.net at lists.freeradius.org [mailto:freeradius-users-bounces+stefan.paetow=ja.net at lists.freeradius.org] On Behalf Of Stefan Paetow
Sent: 17 July 2014 17:37
To: FreeRadius users mailing list
Subject: rlm_ldap + bind as user authentication

Hi,

I'm trying to use FreeRADIUS with an LDAP oracle (to be precise, an OpenLDAP instance that uses SASL authentication). From what I understand, this should happen with a single-user bind to the OpenLDAP server... Since it's supposed to use a bind, I'm not retrieving the password, which at this point explains the 'no Auth-Type found'.

Since Arran mentioned a while ago that binding with LDAP is a lot easier these days, is it correct that I use the following in my authorize section (after PAP):

update control {
        #  Only set the Auth-Type if it hasn't been set
        Auth-Type = LDAP
}

And then in the 'authenticate' section I use the below to enable binding?

Auth-Type LDAP {
        ldap
}

If that's all (plus the user search in .../mods-available/ldap), that's grand :-)

Arran, can you confirm?

Stefan



Janet(UK) is a trading name of Jisc Collections and Janet Limited, a
not-for-profit company which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238
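
Added example (not part of the original post, and not FreeRADIUS's shipped configuration): the two pieces described above put together for an inner tunnel that carries either a plain password or EAP-GTC. It assumes a FreeRADIUS 3.x file layout and an LDAP module instance named `ldap`; the gtc `auth_type` setting is shown as an alternative to editing the `Auth-Type PAP` block.

```text
# --- mods-available/eap, inside the eap { } block -------------------
# EAP-GTC hands the user's response to the Auth-Type named here,
# so pointing it at LDAP leaves the Auth-Type PAP block untouched.
gtc {
        auth_type = LDAP
}

# --- sites-available/inner-tunnel -----------------------------------
authorize {
        # Look the user up with the search configured in mods-available/ldap.
        ldap

        # Bind-as-user needs the cleartext password, so only force it when
        # the user was found and the request actually carries User-Password
        # (PAP inside the tunnel). It cannot work for MSCHAPv2 or CHAP,
        # where the server never sees the password.
        if ((ok || updated) && User-Password) {
                update control {
                        Auth-Type := LDAP
                }
        }

        # EAP-GTC requests have no User-Password at this point; eap sets
        # Auth-Type EAP and GTC later calls Auth-Type LDAP via auth_type.
        eap {
                ok = return
        }
}

authenticate {
        # The ldap module here performs the bind as the user's DN.
        Auth-Type LDAP {
                ldap
        }
        eap
}
```

Because the user's password travels from FreeRADIUS to the directory on every bind, the LDAP connection itself should be protected (LDAPS or StartTLS in the ldap module's tls settings).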
