I would like to ldap bind with username instead of DN
Alan DeKok
aland at deployingradius.com
Fri Jun 19 16:55:55 CEST 2020
On Jun 19, 2020, at 8:11 AM, Wessel Louwris <wessel at stutit.nl> wrote:
>
> I would like to bind with the given username and skip the ldapsearch, so I implemented
>
> DEFAULT Ldap-UserDN := "%{User-Name}"
>
> in my authorize file (as described on https://wiki.freeradius.org/modules/Rlm_ldap).
> Unfortunately this seems to be not enough because it’s still binding with the DN:
>
> (6) ldap: Login attempt by "user at company.nl "
It helps to show the FULL debug output. You've deleted 99% of the output. That means we don't know what else is going on.
> (6) ldap: Using user DN from request "uid= user,ou=Users,dc=example,dc=com" # this is a wrong DN returned by ldapsearch
> (6) ldap: Waiting for bind result...
> (6) ldap: ERROR: Bind credentials incorrect: Invalid credentials
My guess is that you're running the "files" module (which reads the users file) *after* the ldap module.
Alan DeKok.