This optional parameter can be used with the Novell eDirectory
LDAP server to fetch the user's Universal Password and use it to
authenticate the user. The eDirectory Universal Password is a single
password for each user that can be used to authenticate a range of Unix
and Windows services. Normally it is not possible to fetch the user's
password from eDirectory, but GetNovellUP uses a special Novell API to
fetch the user's plaintext password.
GetNovellUP will fetch the
password if ServerChecksPassword is not set, and if PasswordAttr and
EncryptedPasswordAttr are either not set or are not present in the user's
LDAP record.
Passwords retrieved with GetNovellUP are in plaintext
and are compatible with PAP, CHAP, MSCHAP, MSCHAPV2, TLS, TTLS-*,
PEAP-MSCHAPV2, EAP-MD5 etc.
The eDirectory server must be configured
correctly before it will supply Universal Passwords to Radiator. The
following conditions must be met.
- eDirectory Password Policy must be created and assigned to the
group, organisational unit or organisation that holds the users to be
authenticated.
- Password Policy must have Universal Passwords enabled.
- Password Policy must have ‘Allow password retrieval by admin’
enabled.
See goodies/edirectory.txt for more details about how to install and
configure eDirectory so that Radiator can use GetNovellUP successfully.
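The following configuration fragment is an added example, not taken from the Radiator distribution, showing GetNovellUP used under the conditions described above. It assumes the parameter is set inside an AuthBy LDAP2 clause; the realm, host name, DNs, CA file path and credentials are constructed placeholders, and enabling TLS is a choice made for this example.

```conf
# Added example with constructed values; not from the Radiator distribution.
<Realm example.com>
    <AuthBy LDAP2>
        # Constructed host and CA path. TLS is enabled in this example
        # because the Universal Password is returned to Radiator in plaintext.
        Host            edir.example.com
        Port            389
        UseTLS
        SSLCAFile       /etc/radiator/certs/edirectory-ca.pem

        # Bind as an administrator covered by a Password Policy that has
        # 'Allow password retrieval by admin' enabled (placeholder credentials).
        AuthDN          cn=admin,o=example
        AuthPassword    REPLACE_WITH_ADMIN_PASSWORD

        # Where to search for users and which attribute holds the login name
        # (constructed values).
        BaseDN          o=example
        UsernameAttr    uid

        # Fetch the user's Universal Password and authenticate against it.
        GetNovellUP

        # Deliberately absent: ServerChecksPassword, PasswordAttr and
        # EncryptedPasswordAttr. If ServerChecksPassword is set, or either
        # attribute is set and present in the user's LDAP record,
        # GetNovellUP does not fetch the password.
    </AuthBy>
</Realm>
```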