
List:       freeradius-users
Subject:    Re: Porting ldap module configuration from 2.2.9 to 3.0.15
From:       "Fajar A. Nugraha" <list () fajar ! net>
Date:       2017-08-31 9:55:12
Message-ID: CAG1y0sf5KXqiLh-9qv=8Zk_z3XkgaA_59wR-+93+G4WDVtn2Xw () mail ! gmail ! com

On Thu, Aug 31, 2017 at 4:44 PM, Olivier <Olivier.Nicole@cs.ait.ac.th> wrote:

> The first is in the ldap module. In version 2, I did not define an identity
> nor a password and the binding to ldap server is made with the user name
> and password, effectively using ldap to authenticate the user.


> With version 3, I see:
> 
> Aug 31 16:30:32 ldap slapd[550]: conn=60904 fd=107 ACCEPT from \
>                 IP=192.41.170.3:37996 (IP=192.41.170.6:636)
> Aug 31 16:30:32 ldap slapd[550]: conn=60904 fd=107 TLS established tls_ssf=256 \
>                 ssf=256
> Aug 31 16:30:32 ldap slapd[550]: conn=60904 op=0 BIND dn="" method=128
> 
> where an anonymous bind is attempted (dn=""). I am not sure what has
> changed in this regard between version 2 and 3, but I really need to
> replicate the same mechanism as in version 2, that is bind with the user
> name instead of going with some administrator account that would search
> in the ldap directory.


So you only want ldap for authentication, not authorization? Try
https://wiki.freeradius.org/modules/Rlm_ldap#userdn-attribute

-- 
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

