Porting ldap module configuration from 2.2.9 to 3.0.15

Olivier Olivier.Nicole at cs.ait.ac.th
Tue Sep 19 11:04:33 CEST 2017 

"Fajar A. Nugraha" <list at fajar.net> writes:

> On Tue, Sep 19, 2017 at 3:06 PM, Olivier <Olivier.Nicole at cs.ait.ac.th>
> wrote:
>
>> >> I need only authentication, but the authentication should be done inside
>> >> LDAP, with a binding using the User-Name that is provided to FreeRadius
>> >>
>> >
>> > ... which, to the best of my knowledge, the link pretty tells you how you
>> > can achieve that.
>> >
>> >
>> >> but what LDAP tells me is that I am binding with no username.
>> >>
>> >>
>> > Because it needs to fill Ldap-UserDN attribute.
>> >
>> > Did you read the link? Did you follow what it says to 'avoid the ldap
>> > search completely'?
>>
>> Yes I did and I added:
>>
>> DEFAULT Ldap-UserDN := "uid=%{User-Name},ou=People,
>> ou=csim,dc=cs,dc=ait,dc=ac,dc=th"
>>
>> in the file raddb/users. But it does not change the behaviour. Also, I
>>
>
> That is odd.
>
> Try running freeradius in debug mode (with -X), test authentication from
> client, and read the result (or post it here). What you should watch out
> for:
> - whether the files module are loaded and processed before ldap module
> - and whether Ldap-UserDN is correctly aded
> - what ldap module does
>
>
> am wondering, because the top of the file users mention that
>> # Configuration file for the rlm_files module.
>>
>>
> Correct.
>
> One module can affect others. In this case, if the wiki is correct, the
> files module (rlm_files) can be used to add an attribute (Ldap-UserDN). If
> that attribute is already present, ldap module will behave
> differently.

OK, I did not know about that and I had disabled the files module
because I don't use it.

I enabled it and the output is attached below.

Thank you,

Olivier

-------------- next part --------------
A non-text attachment was scrubbed...
Name: toto
Type: application/octet-stream
Size: 49455 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20170919/b719f8f6/attachment-0001.obj>
-------------- next part --------------


--

More information about the Freeradius-Users mailing list