I would like to ldap bind with username instead of DN

Wessel Louwris wessel at stutit.nl
Sun Jun 21 17:34:25 CEST 2020



> On 21 Jun 2020, at 17:24, Alan DeKok <aland at deployingradius.com> wrote:
> 
> On Jun 21, 2020, at 11:08 AM, Wessel Louwris <wessel at stutit.nl> wrote:
>> 
>> If I authenticate with user migr03 at company.nl (which is not our main domain example.nl) I get the log below.
>> With mig01 at example.nl everything works fine (although it still binds with the full DN) and I can authenticate.
>> 
>> I hoped that DEFAULT Ldap-UserDN := "%{User-Name}" in my /etc/freeradius/mods-config/files/authorize would skip the ldapsearch and go straight to the binding with this username.
>> 
>> I also pasted my ldap, authorize, default file below the logs.
> 
>  Don't do that.  Read the docs: http://wiki.freeradius.org/list-help
> 
>> (97) Received Access-Request Id 35 from 10.164.0.3:37310 to 172.17.0.6:1812 length 591
>> (97)   User-Name = "migr03 at company.nl"
> 
>  You're still not posting the FULL debug output.  I asked you to do that.
> 
>  The reason you're having issues is simple:  You're not reading the documentation, and you're not following instructions.
> 
>  I asked you to post the FULL debug output.  You didn't do that.  The documentation says DON'T post configuration files.  You did that.

This is the output from freeradius -f -X 


>  If you simply read the documentation and follow instructions, you can get the issue fixed.  Quickly.  The more you fight, the longer it will take to fix the issue.

I started from https://github.com/hacor/unifi-freeradius-ldap because that was kind of my use case.
I will try to start from scratch and see what happens then.

Thanks again.

Wessel




