LDAP auth in two sources

tnt at kalik.net tnt at kalik.net
Fri Nov 27 18:09:15 CET 2009


> IMHO I must see when connecting to the first server:
>
> [tam] user DN: uid=vmendelevich,o=tamknown
>
> and this when connecting to the second:
>
> [lotus] user DN: uid=vmendelevich,o=tsas
>
> I think this happened because expanding is made only once:
>
> +- entering group tam {...}
> [tam] login attempt by "vmendelevich" with password
> "33333333"
> [tam] 	expand: (uid=%{User-Name}) -> (uid=vmendelevich)
> [tam] 	expand: o=tamknown -> o=tamknown

Correct. I don't know why the second instance didn't expand. Perhaps you
should file a bug report and see if Alan will fix this. I know that you
should try to avoid LDAP authentication, but if you can have different
passwords for the same user (which is very bad design) in redundant LDAP
servers, doing redundant authentication is the only way.

Can you list tam and lotus in the authorize section and just make sure that
expansion works as expected there?

Ivan Kalik



