differentiate authorization/authentication in separate ldap modules

Arran Cudbard-Bell a.cudbardb at freeradius.org
Wed Sep 4 09:59:58 CEST 2013


On 4 Sep 2013, at 06:54, "Hachmer, Tobias" <Tobias.Hachmer at stadt-frankfurt.de> wrote:

> Hello Alan,
> 
>>> Hachmer, Tobias wrote:
>>> -       Rewrite DN?
>> You can rewrite the DN.  That's why it's editable, as the LDAP-UserDn attribute.
> 
> How can I do this and how "magic" could I rewrite the DN?
> The local ldap DIT and the AD DIT are totally different (different OU structure). It is much more than rewriting the base DN.
> When there's no way to determine the DN in AD DIT again I think I can achieve this more easily using ntlm_auth because I just want to check the password against AD, am I right?
> 

Yes.

update control {
	LDAP-BaseDN !* ANY
}
open_ldap.authorize
open_ldap

Or the other way around to auth against AD.

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team


