I am trying to configure a DEFAULT user with AuthBy LDAP2. I want to
authenticate the Access-Request via LDAP2, then retrieve a DEFAULT user
with LDAP2 which contains the necessary reply items. This is on my
way to using account profiles matched by LDAP request items.

The only problem is that AuthBy LDAP2 always expects to authenticate the
user with a password. The documentation (6.33.9) states that PasswordAttr
or EncryptedPasswordAttr are required in the LDAP configuration. I did
try it without PasswordAttr, but I get an LDAP_PARAM_ERROR. Obviously
this won't let me look up a DEFAULT user record. I think I remember some
talk of how to do this with other AuthBy methods?

My question is: How can I use LDAP2 to append profiled (or DEFAULT)
reply items to an Access-Accept?

Here is what my config looks like right now:

<AuthBy LDAP2>
# Authenticate the Access-Request from LDAP
# (This all works fine)
Identifier LDAP-login
...
</AuthBy>
<AuthBy LDAP2>
# Fetch the DEFAULT user's reply items
Identifier LDAP-DEFAULT
...
SearchFilter (&(objectclass=radiusAccount)([EMAIL PROTECTED]))
UsernameAttr mailLocalAddress
AuthAttrDef radiusReplyItem,GENERIC,reply
</AuthBy>
<AuthBy GROUP>
Identifier genericLDAP
AuthByPolicy ContinueWhileAccept
AuthBy LDAP-login
AuthBy LDAP-DEFAULT
</AuthBy>
Thanks,
Carl Litt
Network Administrator
Execulink Internet