(RADIATOR) ldap search problem

Simon Merckx simon.merckx at virgajesse.be
Mon Jun 20 06:54:27 CDT 2005


Hi,

I have configured Radiator to do an LDAP search on a Novell LDAP server. When there are two usernames that begin with the same part (for example testadmin and test), it returns the first match it finds. So if the username should be test, Radiator matches testadmin if that is the username it first finds in the LDAP database. This is unwanted behaviour. Is there an option to correct this? There seems to be nothing wrong with the Novell server.

My LDAP config:

<AuthBy LDAP2>
		# Tell Radiator how to talk to the LDAP server
		#Host		localhost
		Host		abc.vjz
		# You will only need these if your LDAP server
		# requires authentication. These are the examples
		# in a default OpenLDAP installation
		# see /etc/openldap/slapd.conf
		#AuthDN		cn=Manager, dc=example, dc=com
		#AuthPassword	secret

		# This is the top of the search tree where users
		# will be found. It should match the configuration
		# of your server, see /etc/openldap/slapd.conf
		#BaseDN		dc=example, dc=com
		BaseDN		o=lan

		# This is the LDAP attribute to match the radius user name
		#UsernameAttr	cn
		UsernameAttr	cn

		# If you don't specify ServerChecksPassword, you
		# need to tell Radiator which attribute contains
		# the password. It can be plaintext or encrypted
		#EncryptedPasswordAttr    userPassword
		#PasswordAttr	password
		ServerChecksPassword 1
		# You can use CheckAttr, ReplyAttr and AuthAttrDef
		# to specify check and reply attributes in the LDAP 
		# database. See the reference manual for more 
		# information
		#AuthAttrDef ipaddress,Framed-IP-Address,reply

		# These are the classic things to add to each users 
		# reply to allow a PPP dialup session. It may be 
		# different for your NAS. This will add some 
		# reply items to everyone's reply
#		AddToReply Framed-Protocol = PPP,\
#        		Framed-IP-Netmask = 255.255.255.255,\
#        		Framed-Routing = None,\
#        		Framed-MTU = 1500,\
#			Framed-Compression = Van-Jacobson-TCP-IP

		# You can enable debugging of the Net::LDAP
		# module with this:
		#Debug 255

		# With LDAP2, You can enable SSL or TLS with perl-ldap 0.22 and better
		# by setting UseSSL or UseTLS. Not supported on Windows
		#UseSSL
		# UseTLS
		# If you set UseSSL or UseTLS, also need to set these:
		#SSLCAClientCert certificates/cert-clt.pem
		#SSLCAClientKey whatever
		#  (certificates in PEM format)
		# Also need to set one of:
		#SSLCAFile certificates/demoCA/cacert.pem
		# SSLCAPath /path/to/file/containing/certificate/of/CA
		#  (certificates in PEM format)
		# These set the corresponding parameters in the 
		# LDAPS connection (see perl-ldap docs)
		# Requires IO::Socket::SSL, Net::SSLeay and openssl

		# You can control the timeout for connection failure,
		# plus the backoff time after failure. Timeout defaults
		# to 10 secs and FailureBackoffTime to 10 mins
		# Timeout 2
		# FailureBackoffTime 10

		# With PostSearchHook you can do your own processing
		# of the LDAP data. 
		# Arg 0 is the AuthBy LDAP object
		# Arg 1 is the user name being authenticated
		# Arg 2 is the received request packet
		# Arg 3 is the user object holding check and reply
		#  items for this user
		# Arg 4 is the search results handle, whose type
		#   depends on whether its LDAP, LDAP2, or LDAPSDK
		#PostSearchHook sub {print "PostSearchHook @_\n";\
		#	my $attr = $_[4]->get('someldapattr');\
		#	print "get attribute $attr\n";}

		# You can control the LDAP protocol version to be used
		# to talk to the LDAP server. OpenLDAP 2 requires
		# Version 3 unless you have 'allow bind_v2' in your
		# slapd.conf. Defaults to version 2
		Version 3
</AuthBy>


regards,

Simon
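The behaviour described above is what you get when the search that looks up the user is a prefix (substring) filter rather than an equality filter, or when the first returned entry is accepted without checking that its username attribute really equals the name being authenticated. The following is an added example, not Radiator's or Net::LDAP's code: it builds an RFC 4515 equality filter with proper escaping, runs it against a small constructed in-memory directory that stands in for the LDAP server (the `simulated_search` matcher is a hypothetical stand-in and is not how eDirectory or Radiator search), and then applies the post-search check a practitioner would want, accepting an entry only when exactly one result has the expected `cn`.

```python
"""Exact-match user lookup for an LDAP-backed RADIUS authenticator.

Added example with a constructed directory; the matcher below imitates
an LDAP server only closely enough to show equality vs. prefix filters.
"""
import re

# Constructed sample directory mirroring the two clashing entries in the
# post (testadmin listed before test, so a prefix search returns it first).
SAMPLE_DIRECTORY = [
    {"dn": "cn=testadmin,o=lan", "cn": "testadmin"},
    {"dn": "cn=test,o=lan", "cn": "test"},
    {"dn": "cn=alice,o=lan", "cn": "alice"},
]

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value so it can only match literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(attr: str, username: str) -> str:
    """Equality filter, e.g. (cn=test). A '*' in the name becomes \\2a,
    so it can never turn the lookup into a wildcard search."""
    return f"({attr}={escape_filter_value(username)})"


def _unescape(value: str) -> str:
    """Turn \\xx hex escapes back into the literal character."""
    return re.sub(r"\\([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)


_FILTER_RE = re.compile(r"^\((?P<attr>[A-Za-z][\w-]*)=(?P<pattern>.*)\)$")


def simulated_search(directory, ldap_filter: str):
    """Hypothetical stand-in for the server: supports (attr=value) and
    substring filters where an unescaped '*' is a wildcard. Attribute
    values compare case-insensitively, like caseIgnoreMatch on cn."""
    m = _FILTER_RE.match(ldap_filter)
    if not m:
        raise ValueError(f"unsupported filter: {ldap_filter}")
    attr, pattern = m.group("attr"), m.group("pattern")
    literals = [re.escape(_unescape(p)) for p in pattern.split("*")]
    regex = re.compile("^" + ".*".join(literals) + "$", re.IGNORECASE)
    return [e for e in directory if attr in e and regex.match(e[attr])]


def select_user(username: str, entries, attr: str = "cn"):
    """Post-search check: accept only a single entry whose attribute is
    exactly the requested name. Zero or several matches -> None, so a
    longer name such as testadmin is never accepted for user test."""
    exact = [e for e in entries
             if e.get(attr, "").lower() == username.lower()]
    return exact[0] if len(exact) == 1 else None


def lookup(directory, username: str, attr: str = "cn"):
    """Full path: escaped equality filter, search, then exact-match check."""
    return select_user(username, simulated_search(directory, build_filter(attr, username)), attr)


if __name__ == "__main__":
    # Prefix filter returns both entries, testadmin first (the reported symptom).
    print([e["cn"] for e in simulated_search(SAMPLE_DIRECTORY, "(cn=test*)")])
    # Equality filter plus the post-search check returns only the right user.
    print(lookup(SAMPLE_DIRECTORY, "test"))
    # A name containing '*' is escaped and matches nothing.
    print(lookup(SAMPLE_DIRECTORY, "test*"))
```

Even if the server is configured correctly, the `select_user` step is cheap insurance: it rejects any response that is ambiguous or that names a different account than the one being authenticated, which is exactly the failure the post describes.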


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.