I would like to ldap bind with username instead of DN
Wessel Louwris
wessel at stutit.nl
Sun Jun 21 17:34:25 CEST 2020
> On 21 Jun 2020, at 17:24, Alan DeKok <aland at deployingradius.com> wrote:
>
> On Jun 21, 2020, at 11:08 AM, Wessel Louwris <wessel at stutit.nl> wrote:
>>
>> If I authenticate with user migr03 at company.nl (which is not our main domain example.nl) I get the log below.
>> With mig01 at example.nl everything works fine (although it still binds with the full DN) and I can authenticate.
>>
>> I hoped that DEFAULT Ldap-UserDN := "%{User-Name}" in my /etc/freeradius/mods-config/files/authorize would skip the ldapsearch and go straight to the binding with this username.
>>
>> I also pasted my ldap, authorize, default file below the logs.
>
> Don't do that. Read the docs: http://wiki.freeradius.org/list-help
>
>> (97) Received Access-Request Id 35 from 10.164.0.3:37310 to 172.17.0.6:1812 length 591
>> (97) User-Name = "migr03 at company.nl"
>
> You're still not posting the FULL debug output. I asked you to do that.
>
> The reason you're having issues is simple: You're not reading the documentation, and you're not following instructions.
>
> I asked you to post the FULL debug output. You didn't do that. The documentation says DON'T post configuration files. You did that.

This is the output from freeradius -f -X.

> If you simply read the documentation and follow instructions, you can get the issue fixed. Quickly. The more you fight, the longer it will take to fix the issue.

I started from https://github.com/hacor/unifi-freeradius-ldap because that was kind of my use case.
I will try to start from scratch and see what happens then.
Thanks again.
Wessel