On Fri, 9 Dec 2005, Dusty Doris wrote:
From reading debug logs, am I correct in concluding that rlm_ldap's
Correct, as the default behavior?
Sounds right to me.
I have to ask then:
If on the authorization stage, the module can read (and cache) the entire
DN's attribute set (actually, any DN in the LDAP), why does it need to use
a "re-connect as the user" method for authentication? If the password is in
cleartext, comparison is easy. If it's in SSHA/SHA/MD5/blowfish/crypt,
then the comparison can happen against those algorithms.
~BAS
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
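
The local comparison described in the message above, as an added example that is not part of the original thread and is not rlm_ldap code: it checks a candidate password against a userPassword value in cleartext or in the {SHA}, {SSHA}, {MD5} and {SMD5} schemes. The function names and sample values are constructed for illustration. It assumes the searching account can read userPassword at all, whereas with a bind the directory server performs the comparison itself.

```python
import base64
import hashlib
import hmac
import os

# scheme -> (hashlib name, digest length in bytes, salted?)
_SCHEMES = {
    "SHA": ("sha1", 20, False),
    "SSHA": ("sha1", 20, True),
    "MD5": ("md5", 16, False),
    "SMD5": ("md5", 16, True),
}

def make_ssha(password, salt=None):
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_user_password(stored, candidate):
    """Return True if candidate matches the stored userPassword value."""
    if not stored.startswith("{"):
        # No scheme prefix: treat the stored value as cleartext.
        return hmac.compare_digest(stored.encode(), candidate.encode())
    scheme, _, b64 = stored[1:].partition("}")
    spec = _SCHEMES.get(scheme.upper())
    if spec is None:
        # e.g. {CRYPT}: not handled in this sketch.
        raise ValueError("unsupported scheme: " + scheme)
    algo, dlen, salted = spec
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:
        return False  # malformed base64 never matches
    digest, salt = raw[:dlen], raw[dlen:]
    # Reject truncated digests and a salt where none belongs (or vice versa).
    if len(digest) != dlen or salted != bool(salt):
        return False
    expected = hashlib.new(algo, candidate.encode() + salt).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(digest, expected)

if __name__ == "__main__":
    sample = make_ssha("s3cret")  # constructed sample value
    print(sample, check_user_password(sample, "s3cret"))
```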