LDAP - bind as user - howto?
Matej Žerovnik
matej at zunaj.si
Thu Oct 16 22:36:23 CEST 2014
On 16.10.2014 21:56, Alan DeKok wrote:
> Matej Žerovnik wrote:
>> In hints file I have:
>> DEFAULT Ldap-UserDN := "uid=%{User-Name},ou=test,dc=example,dc=com",
>> Auth-Type := LDAP
> Don't use the "hints" file. Use the "users" file. The two files are
> for very different things.
If I use the users file, then %{User-Name} is not substituted with the
user-name provided in the accept-request. I hope it's obvious I want to
use different usernames, as different users will use radius to log in to
the service.
Debug output says:
[ldap] user DN: uid=%{User-Name},ou=sikkr,dc=izum,dc=si
[ldap] (re)connect to ldaps.izum.si:636, authentication 1
[ldap] setting TLS mode to 1
[ldap] bind as uid=%{User-Name},ou=test,dc=example,dc=com/password to
ldaps.example.com:636
[ldap] waiting for bind result ...
[ldap] Bind failed with invalid credentials
I found out that I read about the hints file at this URL:
http://www.opensource.apple.com/source/freeradius/freeradius-11/freeradius/doc/rlm_ldap
Later I realized that this file is about the radius 1.X version, so it's
probably obsolete.
Matej
--
---
Matej Zerovnik