Hello Phil,

Thanks for your response.  However, as I had mentioned in my post, this particular LDAP server uses a person's username and password for binding.  There is no service account and anonymous binds are not allowed.  Commenting out identity and password did not work.

Am I out of luck here?

On 12/13/05, Phil Mayers <[EMAIL PROTECTED]> wrote:
Derrick Woo wrote:
> The LDAP server we have set up is used to authenticate users based on their
> username and password.  If I were to query from the (Linux) command line
> using ldapsearch, the query would appear as follows:
>
> ldapsearch -x -h ldap.domain.com -b ou=ldap,o=domain.com -D uid=XXX,ou=it,o=domain.com -w 'YYY'
>
> Where XXX is a person's username and YYY is their password.  That means a
> person can only query their own information and not anyone else's (unless, of
> course, they have someone else's username and password).
>
> From what I can see, it doesn't appear as though the %{User-Name} variable
> can be used within the "identity" setting in freeRADIUS 1.0.1.  If that's
> correct, does it mean freeRadius won't be able to be used for this
> particular set up?  If I hardcode a test username and password in the
> configuration as follows:
>
> server = "ldap.domain.com"
> identity = "uid=XXX,ou=it,o= domain.com"
> password = 'YYY'
> basedn = "ou=ldap,o=domain.com"
>
> it binds correctly.  However, for our particular setup, both the username
> and password used to bind to the server need to be variable at run time.

"identity" and "password" are the DN and password of a user representing
the *server*, e.g.

identity = "uid=freeRadiusServiceAccount,o= domain.com"

...the LDAP module first binds as identity, searches using the given
"basedn" and "filter", then re-binds as the user, or returns access
denied / not found.

If you don't have a service account and allow anonymous binds (eek) just
comment identity and password out.

>
>
>
> ------------------------------------------------------------------------
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
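
Added example, not part of the original thread and not FreeRADIUS code: whether the username is substituted into the user's own bind DN (the setup Derrick describes) or into a search filter (the search-then-rebind flow Phil describes), the value has to be escaped first, and an empty password has to be rejected before the bind is attempted. The DN layout is the one from the ldapsearch command in the thread; the `(uid=...)` filter and all function names are assumptions.

```python
"""Added example: preparing a per-user LDAP simple bind (no service account)."""

# DN layout copied from the ldapsearch command in the thread.
BIND_DN_TEMPLATE = "uid={uid},ou=it,o=domain.com"
# Assumed filter; the thread mentions "filter" but never shows its value.
SEARCH_FILTER_TEMPLATE = "(uid={uid})"

_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        # Special characters anywhere, '#' or space at the start, space at the end.
        if ch in '"+,;<>\\' or (i == 0 and ch in "# ") or (i == last and ch == " "):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside a search filter (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_bind_request(username: str, password: str) -> tuple[str, str]:
    """Return (dn, password) for a direct bind as the user."""
    # A simple bind with a DN and an empty password is an "unauthenticated
    # bind" (RFC 4513, section 5.1.2); some servers answer it with success,
    # so it must never be treated as proof of the user's identity.
    if not username or not password:
        raise ValueError("username and password are both required")
    return BIND_DN_TEMPLATE.format(uid=escape_dn_value(username)), password


def user_search_filter(username: str) -> str:
    """Return the filter for the search-then-rebind flow."""
    return SEARCH_FILTER_TEMPLATE.format(uid=escape_filter_value(username))


if __name__ == "__main__":
    for name in ("dwoo", "smith, j", "a*b(c)"):  # constructed sample usernames
        print(user_bind_request(name, "example-password")[0], user_search_filter(name))
```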