#
# password_attribute = "userPassword"
+# password_radius_attribute: Defined the RADIUS attribute where the extracted
+# user password will be stored to. Can be used to set it to NT-Password or any
+# other similar attribute instead of the default
+#
+# default: User-Password
+#
+# password_radius_attribute = "NT-Password"
+
# edir_account_policy_check: Specifies if the module has to enforce
# Novell eDirectory account policy check and intruder detection for
# RADIUS users. This will work only if FreeRADIUS is configured to build
USERDN Attribute:
When rlm_ldap has found the DN corresponding to the username provided
in the access-request (all this happens in the authorize section) it
-will add an Ldap-UserDN attribute in the check items list containing
+will add an Ldap-UserDN attribute in the request items list containing
that DN. The attribute will be searched for in the authenticate
section and if present will be used for authentication (ldap bind with
the user DN/password). Otherwise a search will be performed to find
authentication or does not wish to populate the identity,password
configuration attributes he can set this attribute by other means and
avoid the ldap search completely. For instance it can be set through
-the users file in the authorize section:
+the hints file in the authorize section:
DEFAULT Ldap-UserDN := `uid=%{User-Name},ou=people,dc=company,dc=com`
+The "users" file won't work, because it can't add items to the request.
+
DIRECTORY COMPATIBILITY NOTE: If you use LDAP only for authorization and
-authentication (e.g. you can not afford schema extention), I propose to set
+authentication (e.g. you can not afford schema extension), we suggest you set
all necessary attributes in raddb/users file with following authorize section
of radiusd.conf :