I am trying to configure a DEFAULT user with AuthBy LDAP2.  I want to
authenticate the Access-Request via LDAP2, then retrieve a DEFAULT user
with LDAP2 which contains the necessary reply items.  This is on my
way to using account profiles matched by LDAP request items.

The only problem is that AuthBy LDAP2 always expects to authenticate the
user with a password.  The documentation (6.33.9) states that PasswordAttr
or EncryptedPasswordAttr are required in the LDAP configuration.  I did
try it without PasswordAttr, but I get an LDAP_PARAM_ERROR.  Obviously
this won't let me look up a DEFAULT user record.  I think I remember some
talk of how to do this with other AuthBy methods?

My question is: How can I use LDAP2 to append profiled (or DEFAULT)
reply items to an Access-Accept?

Here is what my config looks like right now:

<AuthBy LDAP2>
        # Authenticate the Access-Request from LDAP
        # (This all works fine)
        Identifier      LDAP-login
        ...
</AuthBy>

<AuthBy LDAP2>
        # Fetch the DEFAULT user's reply items
        Identifier      LDAP-DEFAULT
        ...
        SearchFilter    (&(objectclass=radiusAccount)([EMAIL PROTECTED]))
        UsernameAttr    mailLocalAddress
        AuthAttrDef     radiusReplyItem,GENERIC,reply
</AuthBy>

<AuthBy GROUP>
        Identifier      genericLDAP
        AuthByPolicy    ContinueWhileAccept
        AuthBy          LDAP-login
        AuthBy          LDAP-DEFAULT
</AuthBy>

Thanks,

Carl Litt
Network Administrator
Execulink Internet



===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
