Porting ldap module configuration from 2.2.9 to 3.0.15

Olivier Olivier.Nicole at cs.ait.ac.th
Thu Aug 31 11:44:18 CEST 2017


Hi,

I am currently trying to migrate my server from freeradius 2 to 3 and am
facing a number of problems.

The first is in the ldap module. In version 2, I did not define an identity
nor a password and the binding to ldap server is made with the user name
and password, effectively using ldap to authenticate the user.

In ldap logs, with Freeradius 2, I have:

Aug 31 16:19:41 ldap slapd[550]: conn=60636 fd=98 ACCEPT from IP=192.41.170.6:39806 (IP=192.41.170.6:636)
Aug 31 16:19:41 ldap slapd[550]: conn=60636 fd=98 TLS established tls_ssf=256 ssf=256
Aug 31 16:19:41 ldap slapd[550]: conn=60636 op=0 BIND dn="uid=on,ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th" method=128
Aug 31 16:19:41 ldap slapd[550]: conn=60636 op=0 BIND dn="uid=on,ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th" mech=SIMPLE ssf=0
Aug 31 16:19:41 ldap slapd[550]: conn=60636 op=0 RESULT tag=97 err=0 text=
Aug 31 16:19:41 ldap slapd[550]: conn=60636 op=1 UNBIND
Aug 31 16:19:41 ldap slapd[550]: conn=60636 fd=98 closed

showing that radius has properly bound to ldap using the username (dn="on").

With version 3, I see:

Aug 31 16:30:32 ldap slapd[550]: conn=60904 fd=107 ACCEPT from IP=192.41.170.3:37996 (IP=192.41.170.6:636)
Aug 31 16:30:32 ldap slapd[550]: conn=60904 fd=107 TLS established tls_ssf=256 ssf=256
Aug 31 16:30:32 ldap slapd[550]: conn=60904 op=0 BIND dn="" method=128

where an anonymous bind is attempted (dn=""). I am not sure what has
changed in this regard between version 2 and 3, but I really need to
replicate the same mechanism as in version 2, that is bind with the user
name instead of going with some administrator account that would search
in the ldap directory.

How can I achieve that?

Thanks in advance,

Olivier
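
Added example (not part of the original post): a small Python parser that reads slapd log lines in the format quoted above and labels each simple bind as anonymous (dn="") or made with a DN, which is the difference between the two excerpts. The sample log is constructed, and the function names are this example's own.

```python
import re

# Constructed sample in the slapd log format shown in the post
# (documentation IP addresses and made-up DNs, not values from the post).
SAMPLE_LOG = """\
Aug 31 16:19:41 ldap slapd[550]: conn=101 fd=98 ACCEPT from IP=192.0.2.6:39806 (IP=192.0.2.10:636)
Aug 31 16:19:41 ldap slapd[550]: conn=101 op=0 BIND dn="uid=alice,ou=People,dc=example,dc=org" method=128
Aug 31 16:19:41 ldap slapd[550]: conn=101 op=0 RESULT tag=97 err=0 text=
Aug 31 16:30:32 ldap slapd[550]: conn=102 fd=107 ACCEPT from IP=192.0.2.3:37996 (IP=192.0.2.10:636)
Aug 31 16:30:32 ldap slapd[550]: conn=102 op=0 BIND dn="" method=128
Aug 31 16:30:33 ldap slapd[550]: conn=103 fd=108 ACCEPT from IP=192.0.2.3:37997 (IP=192.0.2.10:636)
Aug 31 16:30:33 ldap slapd[550]: conn=103 op=0 BIND dn="uid=bob,ou=People,dc=example,dc=org" method=128
Aug 31 16:30:33 ldap slapd[550]: conn=103 op=0 RESULT tag=97 err=49 text=
"""

ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\S+):\d+\s")
# method=128 is an LDAP simple bind; an empty dn with it is an anonymous bind.
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=128')
# tag=97 is the LDAP BindResponse; err=0 is success, err=49 invalid credentials.
RESULT = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")


def classify_binds(log_text):
    """Return one record per simple bind: conn, client, dn, kind, err."""
    clients, binds = {}, {}
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            clients[m.group(1)] = m.group(2)
        elif m := BIND.search(line):
            conn, op, dn = m.groups()
            binds[(conn, op)] = {
                "conn": int(conn),
                "client": clients.get(conn),  # None if ACCEPT was not in the log
                "dn": dn,
                "kind": "user-dn" if dn else "anonymous",
                "err": None,  # stays None when no RESULT line was logged
            }
        elif (m := RESULT.search(line)) and (m.group(1), m.group(2)) in binds:
            binds[(m.group(1), m.group(2))]["err"] = int(m.group(3))
    return list(binds.values())


def anonymous_clients(records):
    """Client addresses that issued at least one anonymous bind."""
    return sorted({r["client"] for r in records if r["kind"] == "anonymous" and r["client"]})


if __name__ == "__main__":
    for rec in classify_binds(SAMPLE_LOG):
        print(rec)
    print("anonymous binds from:", anonymous_clients(classify_binds(SAMPLE_LOG)))
```
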

