From reading debug logs, am I correct in concluding that rlm_ldap's
behavior:
- when processing authorize{ } is to bind to the LDAP as the provided
administrative DN and search for the DN of the user in the Access-Request
packet
- when processing authenticate{ } is to, if successful during authorize,
then re-bind to the LDAP using the provided username and password and
return Access-Accept only if the bind-as-the-user succeeds?
Correct, as the default behavior?
~BAS
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
