[RADIATOR] LDAP authentication, IBM Lotus Domino
Pekka.Panula at sofor.fi
Pekka.Panula at sofor.fi
Tue Nov 9 03:30:19 CST 2010
Hi
Thanks for help, i here have a working config for basic username/password
checking from IBM Lotus Domino's LDAP.
I did have problem with default entry, because i dont have it, so Radiator
did thousands of queries to LDAP, but NoDefault parameter helped there.
For reference, here is my config (parts of it):
<AuthBy LDAP2>
NoDefault
Identifier DominoLDAP
Host 1.2.3.4
# You need AuthDN with Domino because anonymous cant get
all LDAP attributes
# without authentication. Make a person doc in names.nsf
AuthDN CN=ldaplogin,O=Sofor
AuthPassword password
# Depends on your Domino config, we have <username>/Sofor,
so:
BaseDN O=Sofor
# The SearchFilter parameter controls which records will
# be searched for matching users. %0 is replaced by
# UsernameAttr and %1 by the user name to be found
# SearchFilter (%0=%1)
# This works with Domino, maybe also cn=%U could work
(needs testing)
SearchFilter (uid=%U)
# This is the LDAP attribute to match the radius user name
# (used as %0 in SearchFilter)
# not used atm, own SearchFilter (see up)
UsernameAttr cn
# UsernameAttr uid
# User password is encrypted with dominos own algorithm, u
need this:
ServerChecksPassword
# AFAIK this works with Domino's LDAP task
HoldServerConnection
Version 3
</AuthBy>
<Handler Realm=sofor>
# Strip realm from username
RewriteUsername s/^([^@]+).*/$1/
# do the auth
AuthBy DominoLDAP
</Handler>
Terveisin/Regards,
Pekka Panula, Sofor Oy - Jatkuvat palvelut
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20101109/5fb455e3/attachment.html
More information about the radiator
mailing list