Multiple LDAP searches

Alan DeKok aland at deployingradius.com
Wed Mar 31 00:40:42 CEST 2010


Rob Brickhouse wrote:
> I am setting up FreeRADIUS 2.1.6 and seem to be stuck on how do I go
> about setting up my ldap module to search multiple basedn if the user is
> not found in the first? I have four that I need to search in my LDAP
> tree but cannot figure out the correct way to make it search more than
> one. I feel like this is probably something simple I'm missing but can't
> seem to see it at the moment.

  There's no simple way to do that.  The intent of the LDAP module is to
have *one* set of users.  Instead, you want fail-over for LDAP searches:

	search BASEDN A, and stop if the user is found
	otherwise, search BASEDN B, and stop if the user is found
	otherwise....

  That's complicated.  I suggest looking to see if your LDAP server can
provide a "view" that is the union of the 4 basedns.

  Otherwise, maybe write a Perl script, or simply configure 4 copies of
the LDAP module, and then do the fail-over config in FreeRADIUS.

  Alan DeKok.
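A concrete version of the last suggestion (four rlm_ldap instances plus a fail-over block in unlang), added here as an illustration; it is not part of Alan's reply and not a file shipped with FreeRADIUS. The server name, bind DN, password, the four basedns and the instance names ldap_a .. ldap_d are all made-up placeholders. The detail that makes this "complicated" is that a plain redundant block only moves on to the next entry when a module returns fail (server down, bind error); a user that is simply absent from one subtree makes rlm_ldap return notfound, and the default action for notfound in a redundant block is to stop. So notfound has to be overridden to a priority (i.e. "keep going") on every instance except the last.

```conf
# raddb/modules/ldap_multi   (constructed example; adjust names and DNs)
#
# One rlm_ldap instance per subtree.  Only "basedn" differs between them.
# identity/password are the bind credentials FreeRADIUS uses to search.
ldap ldap_a {
	server = "ldap.example.com"
	identity = "cn=radius,ou=services,dc=example,dc=com"
	password = "change-me"
	basedn = "ou=staff,dc=example,dc=com"
	filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
	ldap_connections_number = 5
	timeout = 4
	timelimit = 3
	net_timeout = 1
}

ldap ldap_b {
	server = "ldap.example.com"
	identity = "cn=radius,ou=services,dc=example,dc=com"
	password = "change-me"
	basedn = "ou=contractors,dc=example,dc=com"
	filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
}

ldap ldap_c {
	server = "ldap.example.com"
	identity = "cn=radius,ou=services,dc=example,dc=com"
	password = "change-me"
	basedn = "ou=students,dc=example,dc=com"
	filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
}

ldap ldap_d {
	server = "ldap.example.com"
	identity = "cn=radius,ou=services,dc=example,dc=com"
	password = "change-me"
	basedn = "ou=alumni,dc=example,dc=com"
	filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
}

# raddb/sites-enabled/default, authorize section (relevant part only)
authorize {
	preprocess
	suffix

	# Try the subtrees in order.  "redundant" continues to the next entry
	# only on "fail"; rlm_ldap answers "notfound" for a user that is not
	# under that basedn, and the default action for "notfound" here is to
	# return.  Giving "notfound" a numeric priority instead tells the block
	# to keep going.  The last instance keeps the default, so the block
	# ends with "notfound" when no subtree knows the user.
	redundant {
		ldap_a {
			notfound = 1
		}
		ldap_b {
			notfound = 1
		}
		ldap_c {
			notfound = 1
		}
		ldap_d
	}

	# Reject unknown users here instead of letting them fall through.
	if (notfound) {
		reject
	}

	# Passwords are checked by rlm_pap against the password attribute the
	# matching ldap instance pulled into the request.
	pap
}
```

Two caveats. First, this assumes the bind account can read the users' password attribute so that PAP can do the comparison; if you instead authenticate by binding as the user (Auth-Type = LDAP), the authenticate section needs the same four-way split, because only the instance whose basedn holds the user can bind as them. Second, a user that exists under more than one basedn is silently resolved to whichever subtree is listed first, which is a good reason to take Alan's advice and ask the LDAP server for a single view of all four subtrees if it can provide one.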
