LDAP scope

Stefan Adams stefan at borgia.com
Thu Jan 5 16:50:02 CET 2006


Hi!

Is it possible to specify a basedn of "dc=example,dc=com" with a scope
of "sub" so that my search filters can apply to both "ou=People" and
"ou=Computers" for example?  It seems from my testing that the scope
is "one" by default.

The reason I would like to do this is to have the check box in Windows
XP that says "Authenticate as computer..." checked.  Doing this,
FreeRADIUS is first presented with the credentials of the computer
(host/name).  Since I already have a computer account in ou=Computers,
I figure I'd just add a cn=host/name attribute and modify the filter
to be (|(uid=%{User-Name})(cn=%{User-Name})).  But this can only work
with a basedn of "dc=example,dc=com" and a scope of sub.

Thanks!
Stefan




More information about the Freeradius-Users mailing list