Porting ldap module configuration from 2.2.9 to 3.0.15

Olivier Olivier.Nicole at cs.ait.ac.th
Tue Sep 19 09:15:35 CEST 2017


"Fajar A. Nugraha" <list at fajar.net> writes:

> On Thu, Aug 31, 2017 at 4:44 PM, Olivier <Olivier.Nicole at cs.ait.ac.th> wrote:
>
>> The first is in the ldap module. In version 2, I did not define an identity
>> nor a password and the binding to ldap server is made with the user name
>> and password, effectively using ldap to authenticate the user.
>
>
>> With version 3, I see:
>>
>> Aug 31 16:30:32 ldap slapd[550]: conn=60904 fd=107 ACCEPT from IP=192.41.170.3:37996 (IP=192.41.170.6:636)
>> Aug 31 16:30:32 ldap slapd[550]: conn=60904 fd=107 TLS established tls_ssf=256 ssf=256
>> Aug 31 16:30:32 ldap slapd[550]: conn=60904 op=0 BIND dn="" method=128
>>
>> where an anonymous bind is attempted (dn=""). I am not sure what has
>> changed in this regard between version 2 and 3, but I really need to
>> replicate the same mechanism as in version 2, that is bind with the user
>> name instead of going with some administrator account that would search
>> in the ldap directory.
>
>
> So you only want ldap for authentication, not authorization? Try
> https://wiki.freeradius.org/modules/Rlm_ldap#userdn-attribute

I need only authentication, but the authentication should be done inside
LDAP, with a binding using the User-Name that is provided to FreeRadius,
but what LDAP tells me is that I am binding with no username.

I need something like
http://confluence.diamond.ac.uk/display/PAAUTH/Using+LDAP+as+authentication+source

TIA,

Olivier
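
An added example, not part of the original message: a small Python parser for slapd log lines like those quoted above, reporting for each BIND whether it was an anonymous simple bind (dn="") or carried a user DN, so the identity FreeRADIUS binds with can be confirmed from the LDAP server side. The last three sample lines, the uid=alice DN and the 192.0.2.x addresses are constructed; method 128 is a simple bind and 163 is SASL.

```python
import re

# Lines 1-3 are the slapd log quoted in the message; lines 4-6 are constructed
# to show what a bind made with the user's own DN would look like.
SAMPLE_LOG = """\
Aug 31 16:30:32 ldap slapd[550]: conn=60904 fd=107 ACCEPT from IP=192.41.170.3:37996 (IP=192.41.170.6:636)
Aug 31 16:30:32 ldap slapd[550]: conn=60904 fd=107 TLS established tls_ssf=256 ssf=256
Aug 31 16:30:32 ldap slapd[550]: conn=60904 op=0 BIND dn="" method=128
Aug 31 16:31:02 ldap slapd[550]: conn=60905 fd=108 ACCEPT from IP=192.0.2.10:40112 (IP=192.0.2.20:636)
Aug 31 16:31:02 ldap slapd[550]: conn=60905 fd=108 TLS established tls_ssf=256 ssf=256
Aug 31 16:31:02 ldap slapd[550]: conn=60905 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=org" method=128
"""

CONN = re.compile(r"slapd\[\d+\]: conn=(\d+) ")
ACCEPT = re.compile(r"ACCEPT from IP=([^ ]+):\d+ ")
TLS = re.compile(r"TLS established tls_ssf=(\d+)")
BIND = re.compile(r'op=(\d+) BIND dn="([^"]*)" method=(\d+)')
METHODS = {128: "simple", 163: "sasl"}  # LDAP bind method codes logged by slapd


def summarize_binds(log_text):
    """Return one dict per BIND request, joined with its connection's client and TLS state."""
    conns = {}  # conn id -> {"client": ip, "tls_ssf": int}
    binds = []
    for line in log_text.splitlines():
        m = CONN.search(line)
        if not m:
            continue  # not a slapd connection line
        conn = conns.setdefault(int(m.group(1)), {"client": None, "tls_ssf": 0})
        if (a := ACCEPT.search(line)):
            conn["client"] = a.group(1)
        elif (t := TLS.search(line)):
            conn["tls_ssf"] = int(t.group(1))
        elif (b := BIND.search(line)):
            dn, method = b.group(2), int(b.group(3))
            binds.append({"conn": int(m.group(1)), "client": conn["client"],
                          "tls_ssf": conn["tls_ssf"], "dn": dn,
                          "method": METHODS.get(method, str(method)),
                          # an empty DN on a simple bind is an anonymous bind
                          "anonymous": method == 128 and dn == ""})
    return binds


if __name__ == "__main__":
    for b in summarize_binds(SAMPLE_LOG):
        kind = "ANONYMOUS" if b["anonymous"] else "as " + b["dn"]
        print(f'conn={b["conn"]} from {b["client"]} tls_ssf={b["tls_ssf"]} {b["method"]} bind {kind}')
```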
