(RADIATOR) LDAP2 and ServerChecksPassword

Jeremy Hinton jgh at visi.net
Fri Jul 13 11:04:36 CDT 2001


Oops, I didn't go far enough into the logs, I guess. It looks like
it goes anonymous for the initial search query, and then uses the supplied
username and password to authenticate the actual record lookup later.
Answered my own question ;).

- jeremy

On Fri, 13 Jul 2001, Jeremy Hinton wrote:

> 
> Greetings all,
> 
> After using Radiator for some time with AuthBy SQL, I'm looking at
> tying it into our new directory via LDAP. However, I'm having some
> difficulty with AuthBy LDAP2, specifically the ServerChecksPassword
> parameter. As I understand it, this should cause the LDAP module to
> attempt to bind with the directory using the username and password logged
> in with, as opposed to specifying one with AuthDN and AuthPassword. From
> what I can tell though, this is not happening on my server. Instead,
> unless I hard specify the AuthDN and AuthPassword, it binds without
> authentication. I'm running Radiator-2.18.2-3 installed via RPM. Some
> snippets below:
> 
> #### Start config file excerpt:
> 
> <Realm DEFAULT>
>         <AuthBy LDAP2>
>                 ServerChecksPassword
>                 Host            10.1.1.1
>                 BaseDN          cn=visi.net
>                 PasswordAttr    userPassword
>                 UsernameAttr    uid
>                 Debug           255
>         </AuthBy>
> 
> #### End config file excerpt
> 
> #### Start log file excerpt
> 
> Fri Jul 13 15:02:34 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Fri Jul 13 15:02:34 2001: DEBUG:  Deleting session for jgh, 203.63.154.1,
> 1234
> Fri Jul 13 15:02:34 2001: DEBUG: Handling with Radius::AuthLDAP2
> Fri Jul 13 15:02:34 2001: DEBUG: Connecting to 206.246.194.60, port 389
> Fri Jul 13 15:02:34 2001: DEBUG: Attempting to bind with , 
> Net::LDAP=HASH(0x87077c8) sending:
> 
> 30 0C 02 01 01 60 07 02 01 02 04 00 80 00 __ __ 0....`........
> 
> 0000 30   12: SEQUENCE {
> 0002 02    1:   INTEGER = 1
> 0005 60    7:   [APPLICATION 0] {
> 0007 02    1:     INTEGER = 2
> 000A 04    0:     STRING = ''
> 000C 80    0:     [CONTEXT 0]
> 000E        :   }
> 000E        : }
> Net::LDAP=HASH(0x87077c8) received:
> 
> 30 0C 02 01 01 61 07 0A 01 00 04 00 04 00 __ __ 0....a........
> 
> 0000 30   12: SEQUENCE {
> 0002 02    1:   INTEGER = 1
> 0005 61    7:   [APPLICATION 1] {
> 0007 0A    1:     ENUM = 0
> 000A 04    0:     STRING = ''
> 000C 04    0:     STRING = ''
> 000E        :   }
> 000E        : }
> 
> 
> 
> // Jeremy Hinton                                            VisiNet
> // jgh at visi.net                                         NOC Manager
> // I've wrestled with reality for 35 years, doctor, 
> // and I'm happy to state I finally won out over it. -Elwood P Dowd
> 
> 
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
> 

// Jeremy Hinton                                            VisiNet
// jgh at visi.net                                         NOC Manager
// I've wrestled with reality for 35 years, doctor, 
// and I'm happy to state I finally won out over it. -Elwood P Dowd
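
Added example, not part of the original post and not Radiator or Net::LDAP code: a small Python decoder for the two PDUs in the debug log above. It confirms the first bind is an anonymous simple bind (LDAP version 2, empty DN, empty password) that the server accepted with result code 0. The function names `read_tlv` and `parse_bind` are hypothetical; the byte strings are copied from the log.

```python
# Added example (not from the original post): decode the bind PDUs in the log.
# Byte strings are copied from the Net::LDAP debug dump quoted above.
BIND_REQUEST = bytes.fromhex("30 0C 02 01 01 60 07 02 01 02 04 00 80 00")
BIND_RESPONSE = bytes.fromhex("30 0C 02 01 01 61 07 0A 01 00 04 00 04 00")

def read_tlv(buf, pos):
    """Read one BER element at pos; return (tag, value_bytes, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form definite length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def parse_bind(pdu):
    """Decode an LDAPMessage carrying a BindRequest or BindResponse."""
    tag, msg, _ = read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, msg_id, pos = read_tlv(msg, 0)
    if tag != 0x02:
        raise ValueError("messageID is not an INTEGER")
    op_tag, op, _ = read_tlv(msg, pos)
    out = {"message_id": int.from_bytes(msg_id, "big")}
    if op_tag == 0x60:                     # [APPLICATION 0] BindRequest
        _, version, p = read_tlv(op, 0)
        _, dn, p = read_tlv(op, p)
        auth_tag, cred, _ = read_tlv(op, p)
        simple = auth_tag == 0x80          # [CONTEXT 0] simple password
        out.update(op="BindRequest", version=int.from_bytes(version, "big"),
                   dn=dn.decode("utf-8"), simple=simple,
                   anonymous=simple and not dn and not cred,
                   # DN with empty password: "unauthenticated" bind (RFC 4513)
                   unauthenticated=simple and bool(dn) and not cred)
    elif op_tag == 0x61:                   # [APPLICATION 1] BindResponse
        _, code, _ = read_tlv(op, 0)
        out.update(op="BindResponse", result_code=int.from_bytes(code, "big"))
    else:
        raise ValueError("not a bind operation")
    return out

if __name__ == "__main__":
    print(parse_bind(BIND_REQUEST))
    print(parse_bind(BIND_RESPONSE))
```

The `unauthenticated` flag covers the related case of a bind that names a DN but sends an empty password, which is worth watching for when a directory is used to check user-supplied passwords.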

