LDAP - bind as user - howto?

Matej Žerovnik matej at zunaj.si
Thu Oct 16 21:16:28 CEST 2014


Hey!

I'm having trouble setting up authentication over LDAP in 'bind as user' 
mode. I only want to authenticate the user against LDAP (LDAP bind with the 
user/pass provided by the user), and if the login is successful, radius 
returns Access-Accept.
I'm using radius 2.1.12.

In modules/ldap I have the following:
         server = "ldaps.example.com"
         port = "636"
         basedn = "dc=example,dc=com"
         filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
         ldap_connections_number = 5
         timeout = 4
         timelimit = 3
         net_timeout = 1
         password_attribute = userPassword
         set_auth_type = yes

In sites-available/defaults I have:
authorize {
     preprocess
}
authenticate {
         Auth-Type LDAP {
                 ldap
         }
}
The rest of the modules are empty.

In hints file I have:
DEFAULT Ldap-UserDN := "uid=%{User-Name},ou=test,dc=example,dc=com", Auth-Type := LDAP

When I try to login, the login fails... In debug log I see the following:
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
[preprocess]   hints: Matched DEFAULT at 36
++[preprocess] returns ok
++[files] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject

I guess it matches the hint, but it doesn't try to bind to ldap.

If I put DEFAULT Ldap-UserDN := 
"uid=testuser,ou=test,dc=example,dc=com", Auth-Type := LDAP in the users 
file and uncomment files in the authorize section, login is successful.

How do I make radius use the template provided in the hints file and pass it on 
to the authenticate module, so it tries to log in to LDAP?
Is this even the right way of doing it? I didn't find many posts that 
tried to do that. Everybody usually searches LDAP for the USERDN attribute in 
the authorize section with the ldap module.

Thanks, Matej

-- 
---
Matej Zerovnik
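
The bind-as-user check described in the message, sketched outside FreeRADIUS as an added example (not code from the post or from the FreeRADIUS project). It fills the post's DN template with an RFC 4514-escaped user name and refuses empty passwords before binding; `escape_rdn_value`, `build_user_dn`, `bind_as_user`, `fake_bind` and the `DIRECTORY` contents are hypothetical names and constructed data.

```python
# Added example: DN templating and pre-bind checks for "bind as user".
# All names below are hypothetical; DIRECTORY is constructed sample data.

DN_TEMPLATE = "uid={uid},ou=test,dc=example,dc=com"  # template from the post


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514, section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '"+,;<>\\':
            out.append("\\" + ch)
        elif ch == " " and i in (0, last):
            out.append("\\ ")
        elif ch == "#" and i == 0:
            out.append("\\#")
        else:
            out.append(ch)
    return "".join(out)


def build_user_dn(username: str) -> str:
    """Fill the template so the user name stays a single RDN value."""
    return DN_TEMPLATE.format(uid=escape_rdn_value(username))


def bind_as_user(username: str, password: str, bind) -> bool:
    """Return True only if `bind(dn, password)` succeeds for a real password.

    `bind` is a caller-supplied callable (assumption) wrapping the LDAP
    library's simple bind and returning True on success.
    """
    # RFC 4513 section 5.1.2: a DN with an empty password is an
    # "unauthenticated bind", which a server may answer with success.
    if not username or not password:
        return False
    return bool(bind(build_user_dn(username), password))


DIRECTORY = {"uid=testuser,ou=test,dc=example,dc=com": "secret"}  # constructed


def fake_bind(dn: str, password: str) -> bool:
    """Stand-in for a server that accepts unauthenticated binds."""
    if password == "":
        return True
    return DIRECTORY.get(dn) == password
```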