On Thu, May 8, 2008 at 7:57 PM, Rob VanDusen <rvanduse@oaisd.org> wrote:
My current config will check via LDAP against a NetWare box and authorize anyone in the ESB container - but I can't get it to look at any of the other containers. I tried doing multiple instances of the LDAP module - but that resulted in the server not authorizing anyone.
You probably didn't do it right, because it should work...
How would I set this up so I can add the other O's as Base DN's? I'd really appreciate any instructions that a slightly dim bulb could follow.
Create a LDAP module for every context you want to use with RADIUS: ldap CTC { server = "<IP/FQDN>" identity = "cn=<user>, o=<container>" password = "<password>" basedn = "o=CTC" filter = "(cn=%{Stripped-User-Name:-%{User-Name}})" base_filter = "(objectclass=radiusprofile)" start_tls = yes tls_require_cert = "demand" #access_attr = "dialupAccess" dictionary_mapping = ${raddbdir}/ldap.attrmap ldap_connections_number = 5 password_attribute = nspmPassword edir_account_policy_check=yes timeout = 4 timelimit = 3 net_timeout = 1 } ldap ESB { basedn = "o=ESB" ... etc. for all other contexts } Now refer to these modules in the Authorize and Post-Authentication (if you want eDirectory policies) by module name, like: authorize { ... CTC ESB ... } post-auth { ... CTC ESB Post-Auth-Type REJECT { CTC ESB ... } ... }