On Fri, 20 Aug 2004, Coates Carter wrote:
> Thanks Alan DeKok for pointing out the obvious.... that the Autz-Type
> directive is meaningless until the authorize section has had a hit at
> 'files'. You got me over that hurdle.
>
> However, I am now experiencing a problem that I saw Kostas Kalevras and
> Ron Wahler discussing back in April. I couldn't find their resolution
> in the archive.
>
> As I mentioned earlier, my ultimate goal is to use rlm_ldap to
> authenticate the user without the initial search for the user. You
> say...
>
> > Then don't list "ldap" in the "authorize" section.
>
> Well, now I have...
>
> DEFAULT Ldap-UserDN := `cn=%{User-Name},dc=richmond,dc=edu`, Auth-Type = ldap
>
> authorize {
>     files
> }
> authenticate {
>     Auth-Type ldap {
>         ldap1
>     }
> }
>
> ...and the whole thing works, except it's still doing the initial
> bind-and-search...
>
> rlm_ldap: (re)connect to localhost:389, authentication 0
> rlm_ldap: bind as cn=admin,dc=richmond,dc=edu/xxxxxxx to localhost:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in dc=richmond,dc=edu, with filter (cn=ccarter)
> rlm_ldap: ldap_release_conn: Release Id: 0
> rlm_ldap: user DN: cn=ccarter,dc=richmond,dc=edu
> rlm_ldap: (re)connect to localhost:389, authentication 1
> rlm_ldap: bind as cn=ccarter,dc=richmond,dc=edu/yyyyyyyy to localhost:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: user ccarter authenticated succesfully
>
> This happens contrary to the last bit of advice in
> doc//freeradius-1.0.0/rlm_ldap.
Try doing a cvs update on the ldap module. The Ldap-UserDN was stored and
searched for in the incoming request rather than the check item list. This has
been fixed.
>
> Any suggestions?
> Thanks,
> Coates
>
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
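
As an added example (not part of the original message and not FreeRADIUS code), this Python script checks rlm_ldap debug output for the bind-and-search step discussed above, which is one way to confirm after updating the module that only the user bind remains. The line patterns are taken from the log quoted in the thread; the second sample log is constructed and assumes the updated module prints the same line shapes minus the search.

```python
import re

# Line shapes from the quoted rlm_ldap log; assumes the bind secret has no "/" or whitespace.
BIND = re.compile(r"rlm_ldap: bind as (?P<dn>.+)/\S* to \S+")
SEARCH = re.compile(r"rlm_ldap: performing search in (?P<base>.+?), with filter (?P<filter>.+)")
AUTH_OK = re.compile(r"rlm_ldap: user (?P<user>\S+) authenticated")

# Excerpt of the log quoted in the thread, ">"-quoted and hard-wrapped as mail clients do.
QUOTED = """\
> rlm_ldap: bind as cn=admin,dc=richmond,dc=edu/xxxxxxx to localhost:389
> rlm_ldap: performing search in dc=richmond,dc=edu, with filter
> (cn=ccarter)
> rlm_ldap: user DN: cn=ccarter,dc=richmond,dc=edu
> rlm_ldap: bind as cn=ccarter,dc=richmond,dc=edu/yyyyyyyy to
> localhost:389
> rlm_ldap: user ccarter authenticated succesfully
"""
# Constructed sample (not from the thread): the same request with no search step.
DIRECT = """\
rlm_ldap: bind as cn=ccarter,dc=richmond,dc=edu/yyyyyyyy to localhost:389
rlm_ldap: user ccarter authenticated succesfully
"""

def unwrap(text):
    """Strip '>' quoting and rejoin log lines that were wrapped in transit."""
    out = []
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()
        if line.startswith("rlm_ldap:") or not out:
            out.append(line)
        elif line:
            out[-1] += " " + line
    return out

def analyse(text):
    """Return bind DNs in order, every search performed, and the authenticated user."""
    result = {"binds": [], "searches": [], "user": None}
    for line in unwrap(text):
        if m := BIND.match(line):
            result["binds"].append(m["dn"])  # the bind secret is never kept
        elif m := SEARCH.match(line):
            result["searches"].append((m["base"], m["filter"]))
        elif m := AUTH_OK.match(line):
            result["user"] = m["user"]
    return result

def direct_bind_only(text):  # True when the user authenticated with one bind and no search
    r = analyse(text)
    return r["user"] is not None and not r["searches"] and len(r["binds"]) == 1
```

The field after the slash in each bind line is the bind secret (masked in the post), so the script records only the DN.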