> > Are you sure it's version *ONE* of LDAP? More specifically, should I be
> > talking to OpenLDAP's slapd, which "supports both version 2 and 3 of the
> > Lightweight Directory Access Protocol", via libnet-ldap-perl 0.22?
This is now working (but not extensively tested).
Specifically, Debian Linux (woody, aka testing) and Radiator-2.18.1.
Radiator is using libnet-ldap-perl-0.22 talking to slapd-2.0.7 on a
separate box. Perl is 5.6.0.
> AuthBy LDAP2 uses the following (from section 6.33 in the manual):
>
> AuthBy LDAP2 works with the newer Net::LDAP module version in perl-ldap-0.09
> or better (Available from CPAN). It is implemented in AuthLDAP2.pm. The
> Net::LDAP will work with both University of Michigan LDAP and Netscape's LDAP
> SDK, but it does not support SSL encrypted connections to the LDAP server.
Attached is a diff with some suggested changes to the ref-man (created by
lynx -dump from the .html and editing the text):
* Note the vital correction of the typo in the example for BindDN.
* Nit: the change of RADIUS ports to 1812 & 1813 is not so "recent" now
* Typo in FramedGroupMaxPortsPerClassC (s/mudulus/modulus/)
* AuthBy LDAP2 works with OpenLDAP
* OpenLDAP userPassword is encrypted, requires authentication to retrieve.
* Cisco-NAS mailing list
Also attached is a diff to AuthLDAP2.pm which helped immensely in
diagnosing my situation (in conjunction with slapd loglevel 256). Arguably
this should be logging to DEBUG rather than INFO.
HTH,
Neale.
--- AuthLDAP2.pm Thu Apr 26 09:47:28 2001
+++ AuthLDAP2.pm-test Fri May 4 10:45:54 2001
@@ -193,6 +193,17 @@
{
my ($self, $name, $password) = @_;
+ if (defined($name))
+ {
+ $self->log($main::LOG_INFO,
+ "Attempting to bind with $name, $password");
+ }
+ else
+ {
+ $self->log($main::LOG_INFO,
+ "Attempting to bind with no DN and pass");
+ }
+
my $result = $self->{ld}->bind(
defined($name)
? (dn => $name, password => $password)
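Review bot: the new `$self->log($main::LOG_INFO, "Attempting to bind with $name, $password")` call writes the bind password in clear text into the Radiator log, where it persists at the default INFO level on every authentication attempt; log only the DN (and, if needed, whether a password was supplied) and move the message to `$main::LOG_DEBUG`, as the cover note itself suggests, so a readable log file does not become a store of directory credentials.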
--- ref-orig.txt Fri May 4 09:00:43 2001
+++ ref-fix.txt Fri May 4 09:15:27 2001
@@ -1111,8 +1111,8 @@
requests. The argument may be either a numeric port number or an
alphanumeric service name as specified in /etc/services (or its moral
equivalent on your system). The default port is 1645. Note that the
- officially assigned port number for Radius authentication has recently
- been changed to 1812.
+ officially assigned port number for Radius authentication is
+ 1812 - this was assigned by IANA when the RADIUS RFCs were published.
# Listen for authentication requests on port 1812 as per RFC
# 2138
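Review bot: the replacement text mixes "Radius" (in "Radius authentication") with "RADIUS" as used in the new sentence and the comment; pick one spelling, and consider stating explicitly that the default of 1645 is kept for compatibility with older NASes while 1812 is the IANA-assigned port, since the two sentences otherwise read as contradicting each other.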
@@ -1133,8 +1133,8 @@
requests. The argument may be either a numeric port number or an
alphanumeric service name as specified in / etc/services (or its moral
equivalent on your system). The default port is 1646. Note that the
- officially assigned port number for Radius accounting has recently
- been changed to 1813.
+ officially assigned port number for Radius accounting is
+ 1813 - this was assigned by IANA when the RADIUS RFCs were published.
# Listen for accounting requests on port 1813 as
# per RFC 2139
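Review bot: the unchanged context line "alphanumeric service name as specified in / etc/services" carries a stray space in the path ("/ etc/services"); since this hunk already touches the paragraph, fix it to "/etc/services" here so the accounting section matches the authentication section above.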
@@ -1788,7 +1788,7 @@
This optional parameter defines the maximum number of ports that can
be mapped to a class C or class B FramedGroupBaseAddress. The default
is 255, which means that any address from 0 up to 255 in the 3rd or
- 4th octets will be permitted. It actually specifies the mudulus for
+ 4th octets will be permitted. It actually specifies the modulus for
computing the 3rd and 4th octets of addresses calculated from
FramedGroupBaseAddress. You might use this to limit the number of
addresses used in each address block, or to prevent the allocation of
@@ -5589,9 +5589,9 @@
AuthBy LDAP2 works with the newer Net::LDAP module version in
perl-ldap-0.09 or better (Available from CPAN). It is implemented in
- AuthLDAP2.pm. The Net::LDAP will work with both University of Michigan
- LDAP and Netscape's LDAP SDK, but it does not support SSL encrypted
- connections to the LDAP server.
+ AuthLDAP2.pm. The Net::LDAP will work with University of Michigan
+ LDAP, OpenLDAP, and Netscape's LDAP SDK, but it does not support SSL
+ encrypted connections to the LDAP server.
AuthBy LDAPSDK works with Netscape's PerLDAP module and the Netscape
Directory SDK. We provide this in addition to the others because
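Review bot: the added claim that Net::LDAP works with OpenLDAP rests on one configuration (slapd-2.0.7 with libnet-ldap-perl-0.22 and perl 5.6.0, per the cover note, "not extensively tested"); say "tested with OpenLDAP 2.0.x" rather than an unqualified "works with OpenLDAP", and keep the sentence about no SSL support adjacent so readers do not assume an OpenLDAP deployment gets an encrypted channel.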
@@ -5682,7 +5682,7 @@
almost always require this to be set.
# Log in to LDAP as admin
-AuthDn admin
+AuthDN admin
6.33.5 AuthPassword
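Review bot: the hunk corrects the example keyword from `AuthDn` to `AuthDN`, but the cover note describes it as the "typo in the example for BindDN"; align the two (the parameter in this section is AuthDN) so anyone searching the manual for the fix finds it under the right name.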
@@ -5748,6 +5748,9 @@
way, and probably not even then. You must specify either PasswordAttr
or EncryptedPasswordAttr. There is no default.
+ Note that OpenLDAP's userPassword is (a) encrypted and (b) only
+ retrievable via an appropriately authenticated binding to the slapd.
+
# Plaintext passwords. Gasp
PasswordAttr passwd
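Review bot: the added note says OpenLDAP's userPassword is "encrypted" and "only retrievable via an appropriately authenticated binding", but the surrounding text is precisely about choosing between PasswordAttr and EncryptedPasswordAttr; state which of the two applies to userPassword, and qualify (b) as depending on the slapd access control configuration rather than on the bind alone, otherwise readers may conclude an authenticated bind is sufficient on any server.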
@@ -10489,6 +10492,9 @@
25.7.1 Cisco
There is a Net News group for cisco: comp.dcom.sys.cisco.
+
+ There is a mailing list for Cisco NAS issues (unsurprisingly)
+ called [EMAIL PROTECTED] To subscribe, send ....
25.7.2 Ascend
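Review bot: the new paragraph ends with "To subscribe, send ...." and a redacted list address, so as written it gives readers neither the list name nor the subscription instructions; supply both before this hunk is merged, or drop the sentence until they are available.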