1 (edited by a3009158 2015-11-11 07:59:07)

Topic: Freeradius LDAP authentication

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.1
- Linux/BSD distribution name and version: Debian 8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Apache
====
I'm looking to authenticate my Freeradius users against openLDAP provided by iredmail. I successfully created test users and everything is working. However, I cannot seem to get Freeradius to access the users on openLDAP. My config looks like this:

        server = "127.0.0.1"
        identity = "cn=vmail,dc=domain,dc=com"
        password = pass
        basedn = "o=domains,dc=domain,dc=com"
        filter = "(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail))"
        base_filter = "(objectclass=mailUser)"

What am I missing?


2

Re: Freeradius LDAP authentication

I'm afraid that you should check the FreeRadius documentation to understand how it works with LDAP.

I did a quick search, looks like your 'filter =' and 'base_filter =' are wrong. Maybe this should work:

        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        base_filter = "(&(objectClass=mailUser)(accountStatus=active))"

If you use full email address as login name, replace 'uid=' by 'mail='.
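
Added example, not part of the original posts and not FreeRADIUS code: a small Python model of the user search, run against constructed entries, showing which accounts each `filter` from this thread selects for a given login. It assumes the user search applies only `filter` (so `base_filter` does not restrict who is found); `COMBINED` and the helper names `user`, `expand`, `split_parts`, `matches` and `search` are hypothetical.

```python
import re

# Constructed directory entries shaped like iRedMail accounts (not real data).
def user(uid, status):
    return {"uid": uid, "objectClass": ["mailUser"], "accountStatus": status, "enabledService": ["mail"]}

ENTRIES = [user("alice", "active"), user("bob", "disabled"), user("carol", "active")]

ORIGINAL = "(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail))"
SUGGESTED = "(uid=%{Stripped-User-Name:-%{User-Name}})"
# Assumption, not from the thread: status checks and login match in one filter.
COMBINED = "(&(objectClass=mailUser)(accountStatus=active)" + SUGGESTED + ")"

def expand(template, request):
    """Resolve %{A:-%{B}}: attribute A if present in the request, else B."""
    pick = lambda m: request.get(m.group(1)) or request.get(m.group(2), "")
    return re.sub(r"%\{([\w-]+):-%\{([\w-]+)\}\}", pick, template)

def split_parts(s):
    """Split '(a=b)(c=d)' into its top-level parenthesised components."""
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(s):
        if ch == "(":
            start = i if depth == 0 else start
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                parts.append(s[start:i + 1])
    return parts

def matches(flt, entry):
    """Evaluate a filter limited to &, |, ! and equality (no escaping modeled)."""
    inner = flt[1:-1]
    if inner[0] in "&|!":
        results = [matches(p, entry) for p in split_parts(inner[1:])]
        return {"&": all, "|": any}.get(inner[0], lambda r: not r[0])(results)
    attr, value = inner.split("=", 1)
    have = entry.get(attr, [])
    have = have if isinstance(have, list) else [have]
    return any(v.lower() == value.lower() for v in have)

def search(filter_template, user_name):
    """Return the uids a user search with this filter would find for a login."""
    flt = expand(filter_template, {"User-Name": user_name})
    return [e["uid"] for e in ENTRIES if matches(flt, e)]

if __name__ == "__main__":
    for name, flt in [("original", ORIGINAL), ("suggested", SUGGESTED), ("combined", COMBINED)]:
        print(name, {u: search(flt, u) for u in ("alice", "bob")})
```

Under that assumption, the original filter returns every active account whatever the login name, the `uid`-only filter still finds the disabled account, and the combined form finds only an active account with the requested login.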

3

Re: Freeradius LDAP authentication

ZhangHuangbin wrote:

I'm afraid that you should check the FreeRadius documentation to understand how it works with LDAP.

I did a quick search, looks like your 'filter =' and 'base_filter =' are wrong. Maybe this should work:

        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        base_filter = "(&(objectClass=mailUser)(accountStatus=active))"

If you use full email address as login name, replace 'uid=' by 'mail='.

I think this did the trick. I'll work on a full tutorial and upload it tomorrow. Thanks once more for the absolute killer feedback!

4

Re: Freeradius LDAP authentication

May I ask how to let iredmail log in through the user authentication in freeradius? What configuration do I need to do? Thank you very much.

5

Re: Freeradius LDAP authentication

iRedMail doesn't support auth against FreeRadius, but FreeRadius can use iRedMail as a user source.
Please create a new forum topic for your own issue / question, do not hijack someone else's (7-year-old) thread.