rlm_ldap and large AD structure issue

Phil Mayers p.mayers at imperial.ac.uk
Tue Feb 26 10:53:29 CET 2008


>         ldap a {

Add the "set_auth_type = yes" option to all 3 ldap modules, and probably 
call them something more descriptive, for reasons which will become clear 
below, e.g.:

modules {
   ldap ldap-a {
     ..
     set_auth_type = yes
   }
}

> authorize {

You can probably do this:

authorize {
   redundant {
     # instance names match the renamed modules above
     ldap-a
     ldap-b
     ldap-c
   }
}

...which will stop processing when the first LDAP module matches.

> authenticate {

When an LDAP module is "named", as opposed to anonymous, and 
"set_auth_type = yes", the Auth-Type gets set to the module name, so do this:

authenticate {
   Auth-Type ldap-a {
     ldap-a
   }
   Auth-Type ldap-b {
     ldap-b
   }
}

That should work.
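
Added example, not part of the original post and not FreeRADIUS code: a small consistency check for the layout described above, reporting any named ldap instance that has "set_auth_type = yes" but no matching Auth-Type section in authenticate. The sample configuration is constructed, and the parser assumes a single file with no comments containing braces and no $INCLUDE handling.

```python
import re

# Constructed sample (instance names assumed); ldap-c has no Auth-Type section.
SAMPLE_CONF = """
modules {
   ldap ldap-a {
     set_auth_type = yes
   }
   ldap ldap-b {
     set_auth_type = yes
   }
   ldap ldap-c {
     set_auth_type = yes
   }
}
authenticate {
   Auth-Type ldap-a {
     ldap-a
   }
   Auth-Type ldap-b {
     ldap-b
   }
}
"""

def section_body(text, header_re):
    """Text inside the braces of the first section whose header matches."""
    m = re.search(header_re + r"\s*\{", text, re.M)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    return None  # unbalanced braces

def missing_auth_types(conf):
    """ldap instances with set_auth_type = yes that no Auth-Type section calls."""
    modules = section_body(conf, r"^\s*modules") or ""
    authenticate = section_body(conf, r"^\s*authenticate") or ""
    missing = []
    for name in re.findall(r"^\s*ldap\s+(\S+)\s*\{", modules, re.M):
        body = section_body(modules, r"^\s*ldap\s+" + re.escape(name)) or ""
        handler = section_body(authenticate, r"^\s*Auth-Type\s+" + re.escape(name))
        called = handler is not None and re.search(r"^\s*" + re.escape(name) + r"\s*$", handler, re.M)
        if re.search(r"^\s*set_auth_type\s*=\s*yes\b", body, re.M) and not called:
            missing.append(name)
    return missing
```

Calling missing_auth_types(SAMPLE_CONF) returns the instances that would set an Auth-Type the authenticate section cannot handle.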


