Add option to disable password check

diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c
index 9d48264..885d25d 100644 (file)
--- a/src/modules/rlm_ldap/rlm_ldap.c
+++ b/src/modules/rlm_ldap/rlm_ldap.c
@@ -140,6 +140,7 @@ typedef struct {
        int             is_url;
        int             chase_referrals;
        int             rebind;
+       int             expect_password;
        char           *login;
        char           *password;
        char           *filter;
@@ -235,6 +236,8 @@ static const CONF_PARSER module_config[] = {
         offsetof(ldap_instance,port), NULL, "389"},
        {"password", PW_TYPE_STRING_PTR,
         offsetof(ldap_instance,password), NULL, ""},
+       {"expect_password", PW_TYPE_BOOLEAN,
+        offsetof(ldap_instance,expect_password), NULL, "yes"},
        {"identity", PW_TYPE_STRING_PTR,
         offsetof(ldap_instance,login), NULL, ""},
 
@@ -1783,7 +1786,7 @@ static int ldap_authorize(void *instance, REQUEST * request)
        *       More warning messages for people who can't be bothered
        *       to read the documentation.
        */
-       if (debug_flag > 1) {
+       if (inst->expect_password && (debug_flag > 1)) {
               if (!pairfind(request->config_items, PW_CLEARTEXT_PASSWORD) &&
                   !pairfind(request->config_items, PW_NT_PASSWORD) &&
                   !pairfind(request->config_items, PW_USER_PASSWORD) &&