On Tue, 18 May 2004, Demetrios Sapounas wrote: > I am running SuSE's open exchange (SuSE 8 based) which includes openldap > 2.1.4 I am trying to integrate freeradius (0.9.3) with this ldap, but I > cannot bind properly. > > I tested my radius build with the local unix files and authenticated > fine. > > When I provide the ldap admin user and password in the radiusd.conf > file, freeradius binds fine to the ldap and authenticates the user (I am > testing with radtest) just fine. > > It seems freeradius tries to bind "anonymous" to ldap. My understanding > is that when freeradius tries to bind to ldap it does so with the user > username and password (the user trying to authenticate). I am getting > the following log entries: > > .... > rlm_ldap: attempting LDAP reconnection > rlm_ldap: (re)connect to mx1.eastportanalytics.com:389, authentication 0 > rlm_ldap: bind as / to mx1.eastportanalytics.com:389
You need to set the identity/password configuration attributes to the DN/password of a valid ldap user which is allowed to search the ldap tree. The ldap module will first search the ldap tree to find the user DN and *then* it will use that information to do a BIND with the user credentials. > rlm_ldap: waiting for bind result ... > rlm_ldap: performing search in dc=eastportanalytics,dc=com, with filter > (&(objectclass=posixAccount)(uid=mkerr)) > rlm_ldap: object not found or got ambiguous search result > rlm_ldap: search failed > ldap_release_conn: Release Id: 0 > modcall[authorize]: module "ldap" returns notfound for request 0 > modcall: group authorize returns ok for request 0 > rad_check_password: Found Auth-Type LDAP > auth: type "LDAP" > modcall: entering group authenticate for request 0 > rlm_ldap: - authenticate > .... > > Could someone tell me what I am doing wrong? > > Thank you! > > Demetrios > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
