[SOLVED] LDAP - bind as user - howto?

Matej Zerovnik matej at zunaj.si
Fri Oct 17 07:43:00 CEST 2014


On 16. 10. 2014 23:25, Stefan Paetow wrote:
> This was recently a topic on this list and I posted this:
>
> http://freeradius.1045715.n5.nabble.com/LDAP-bind-user-authentication-tp5729976p5729979.html
>
> According to the original poster, that did the trick for him and he could use bind-as-user. There was no messing with the 'users' file (or odd default User-Dn stuff), just setting up the LDAP server details, tweaking the ldap query to retrieve your user, and the few lines in both the 'authorize' and 'authenticate' sections to be able to use PAP.

I saw that thread and read it, but unfortunately, I don't have/can't get
credentials to search LDAP. I will try and ask them again, but I think
they won't give it to me. Currently, my solution works, but 'ou' is
hardcoded. This is ok for now, but in the future I would like to expand
that...

> Matej Žerovnik wrote:
>> >If I use users file, then %{User-Name} is not substituted with the
>> >user-name provided in the accept-request. I hope it's obvious I want to
>> >use different usernames as different users will use radius to login to
>> >the service.
>   You said other things didn't work when you used the "hints" file.
>
>    Just write all of the policies in "unlang".

So I disabled the preprocess module and added the following to the authorize
section:

if (User-Password) {
   update control {
     Auth-Type := ldap
     Ldap-UserDN := "uid=%{User-Name},ou=test,dc=example,dc=com"
   }
}

It's working now. Is that the correct way to solve my problem?

Matej
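
Added example, not part of the original post and not FreeRADIUS code: when a bind DN is built from a template like the one above, the user-supplied name has to be escaped as a DN attribute value (RFC 4514) so that characters such as `,` or `+` cannot change the DN's structure. The function names and the `ou` parameter are hypothetical; the base DN and default OU are taken from the post's template.

```python
# Added example: RFC 4514 escaping for a username placed into a bind DN template.
# Function names are hypothetical; BASE_DN and ou="test" mirror the post's template.

SPECIALS = set('"+,;<>\\')      # always escaped inside an attribute value
BASE_DN = "dc=example,dc=com"


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514, section 2.4)."""
    if not value:
        raise ValueError("empty value")
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")            # NUL must be hex-escaped
        elif ch in SPECIALS:
            out.append("\\" + ch)
        elif i == 0 and ch in "# ":
            out.append("\\" + ch)         # leading '#' or space
        elif i == last and ch == " ":
            out.append("\\ ")             # trailing space
        else:
            out.append(ch)
    return "".join(out)


def naive_bind_dn(username: str, ou: str = "test") -> str:
    """Plain substitution, shown only for comparison with the escaped form."""
    return f"uid={username},ou={ou},{BASE_DN}"


def build_bind_dn(username: str, ou: str = "test") -> str:
    """Fill the uid/ou template with escaped values."""
    return f"uid={escape_rdn_value(username)},ou={escape_rdn_value(ou)},{BASE_DN}"


if __name__ == "__main__":
    # Constructed sample usernames
    for name in ("alice", "bob,ou=admins", " carol ", "#dave"):
        print(f"{name!r:18} naive:   {naive_bind_dn(name)}")
        print(f"{'':18} escaped: {build_bind_dn(name)}")
```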

