Re: Configuring LDAP for query ONLY...

2008-01-05 Thread tnt
> >Please let me know if this clear and any other better >way to handle this in radius. > Yes. Why don't you strore zip code as userPassword? Since you are going to use it as password I really don't see why not. That would make things quite simple. Ivan Kalik Kalik Informatika ISP - List info/su

Re: Configuring LDAP for query ONLY...

2008-01-04 Thread Nicholas Hall
On Jan 4, 2008 9:54 AM, Eric Martell <[EMAIL PROTECTED]> wrote: > Hi Ivan, > Actually in the implementation we are going to treat > on the website zipcode as a password field. we are > asking people to enter username and zipcode which is > store in the LDAP Schema. > > In the radius, I am going t

Re: Configuring LDAP for query ONLY...

2008-01-04 Thread Alan DeKok
Eric Martell wrote: > I am trying to do ldap query lookup in the authorize > section and after successful authorization ( if ldap > entry exists on search query) reply with > Access-Accept if not reject. So... you're not authenticating anyone? > I do not want to do authentication in LDAP

Re: Configuring LDAP for query ONLY...

2008-01-04 Thread Eric Martell
Hi Ivan, Actually in the implementation we are going to treat on the website zipcode as a password field. we are asking people to enter username and zipcode which is store in the LDAP Schema. In the radius, I am going to receive username (User-Name) and zipcode ( User-Password). In the ldap mod

Re: Configuring LDAP for query ONLY...

2008-01-04 Thread tnt
OK, so password is not in LDAP. Where is it then? Are you trying to accept users without passwords? Consider using a perl script to implement that logic and forget about LDAP module in Freeradius. Ivan Kalik Kalik Informatika ISP Dana 4/1/2008, "Eric Martell" <[EMAIL PROTECTED]> piše: >Hi Alan,

Re: Configuring LDAP for query ONLY...

2008-01-04 Thread Eric Martell
Hi Alan, I am trying to do ldap query lookup in the authorize section and after successful authorization ( if ldap entry exists on search query) reply with Access-Accept if not reject. I do not want to do authentication in LDAP as we are not storing "userPassword" attribute in ldap schema.

Re: Configuring LDAP for query ONLY...

2008-01-03 Thread Alan DeKok
Eric Martell wrote: > Hi Alan, >Can you please help me out with the LDAP query? I > am still stuck with the issue. What problem is left to solve? i.e. I read and answer a *lot* of email. I don't recall much past what's on my screen right now... Alan DeKok. - List info/subscribe/unsubs

Re: Configuring LDAP for query ONLY...

2008-01-03 Thread Eric Martell
Hi Alan, Can you please help me out with the LDAP query? I am still stuck with the issue. Your response will be greatly appreciated. Thanks and Regards, Eric. --- Alan DeKok <[EMAIL PROTECTED]> wrote: > Phil Mayers wrote: > > Slightly confusing, there are two ways to do this: > > This sho

Re: Configuring LDAP for query ONLY...

2007-12-17 Thread Eric Martell
Hi Phil, Please let me know if you need more info. I am still stuck with the problem. Thanks and Regards, Eric. --- Phil Mayers <[EMAIL PROTECTED]> wrote: > > > > rlm_ldap: user test1 authorized to use remote > access > > rlm_ldap: ldap_release_conn: Release Id: 0 > > modcall[authorize]: m

Re: Configuring LDAP for query ONLY...

2007-12-13 Thread Eric Martell
Hi Phil, Here is the detail configs and logs. Please let me know. Thanks and Regards. modules { ldap { server = "ldap://x:1389"; identity = "uid=appuser,ou=appadm,o=entitlement" password = ** basedn = "ou=roles

Re: Configuring LDAP for query ONLY...

2007-12-13 Thread Alan DeKok
Phil Mayers wrote: > Slightly confusing, there are two ways to do this: This should be fixed before 2.0. There should be only one way to do things. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Configuring LDAP for query ONLY...

2007-12-12 Thread Phil Mayers
rlm_ldap: user test1 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 0 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. That's the problem. Your LDAP mo

Re: Configuring LDAP for query ONLY...

2007-12-12 Thread Eric Martell
Hi Phil, Yes I did.. Here is the config. modules { ldap { set_auth_type = no } } authorize { preprocess ldap pap } authenticate { # # PAP authentication, when a back-end database listed # in t

Re: Configuring LDAP for query ONLY...

2007-12-11 Thread Phil Mayers
Eric Martell wrote: Hi Phil, I installed the latest freeradius-1.1.7. I put the line set_auth_type = no in ldap module to ignore the authentication. But for some reason I get the following error in the log. rlm_ldap: user test1 authorized to use remote access rlm_ldap: ldap_release_c

Re: Configuring LDAP for query ONLY...

2007-12-11 Thread Eric Martell
Hi Phil, I installed the latest freeradius-1.1.7. I put the line > > set_auth_type = no in ldap module to ignore the authentication. But for some reason I get the following error in the log. rlm_ldap: user test1 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0

Re: Configuring LDAP for query ONLY...

2007-12-07 Thread Phil Mayers
Eric Martell wrote: Hi Phil, I need some help again. Is there a way in the ldap module we can specify to return only ONE result for search filter. In my ldap tree when search with a filter (&(uid=test1)(phone=1231313128)) I get multiple results. And in the log I get message as search failed.

Re: Configuring LDAP for query ONLY...

2007-12-06 Thread Eric Martell
Hi Phil, I need some help again. Is there a way in the ldap module we can specify to return only ONE result for search filter. In my ldap tree when search with a filter (&(uid=test1)(phone=1231313128)) I get multiple results. And in the log I get message as search failed. I just want to return

Re: Configuring LDAP for query ONLY...

2007-12-04 Thread Eric Martell
Thanks so much Phil. I am using freeradius-1.0.4 I am going to install the latest version and will try your suggestion. Thanks and Regards. Eric. --- Phil Mayers <[EMAIL PROTECTED]> wrote: > Eric Martell wrote: > > Hi, > > Is it possible to altogether avoid authenticate > > section and just

Re: Configuring LDAP for query ONLY...

2007-12-04 Thread Phil Mayers
Eric Martell wrote: Hi, Is it possible to altogether avoid authenticate section and just do ldap lookups in the authorize section? authorize { ldap { notfound = reject } } The problem is in the authenticate section, radius gets the userDN from the authorize and tries to "bind" lda

Re: Configuring LDAP for query ONLY...

2007-12-04 Thread Eric Martell
I am extremely sorry. Looks like it created new thread with same title. Really apologized. Admin's please merge the thread. Eric. --- Eric Martell <[EMAIL PROTECTED]> wrote: > Hi, > Is it possible to altogether avoid authenticate > section and just do ldap lookups in the authorize > section?

Re: Configuring LDAP for query ONLY...

2007-12-04 Thread Eric Martell
Hi, Is it possible to altogether avoid authenticate section and just do ldap lookups in the authorize section? authorize { ldap { notfound = reject } } The problem is in the authenticate section, radius gets the userDN from the authorize and tries to "bind" ldap with password which

Configuring LDAP for query ONLY...

2007-12-03 Thread Eric Martell
I am little bit confused as how to configure radiusd.conf in the authorize and/or authenticate section. So password is going to act like ldap attribute. We are going to pass, username and ldap attribute (home phone #) as input for each user. The way it is configured now is in the modules, ldap {