One LDAP server, Multiple Domains ( baseDN )

Alan DeKok aland at deployingradius.com
Tue Aug 9 10:03:34 CEST 2016


On Aug 9, 2016, at 10:01 AM, Saeed Khademi <saeedji at gmail.com> wrote:
> I am new to this list, and my question may have been asked before.
> Sorry if this is a duplicate.

  It's really a question for freeradius-users, not freeradius-devel.  But anyways...

> I have one LDAP server, with multiple domain names on it:
> 
> LDAP server : A.COM
> 
> Domains : A.com
>                B.com
>                C.com
> 
> Now I am trying to get it to work and authenticate users of all 3 domains correctly. At the same time,
> I like to keep the configuration as short & simple as possible.

  How do the users login?  "user@a.com" and "user@b.com" ?

> Since all the configuration for all three domains is the same, except for base_DN, what I’d like to have is
> to use something like this:
> switch ( “&Realm” ) {
>      case “A.com”  {  base_dn = {"ou=people,dc=A,dc=com" }
>      case “A.com”  {  base_dn = {"ou=people,dc=B,dc=com" }
>      case “A.com”  {  base_dn = {"ou=people,dc=C,dc=com" }
> }

  That doesn't work.  You can't just invent syntax and have it work.

  See "man unlang" for unlang documentation.  See the LDAP module config for what the LDAP module accepts.

  Alan DeKok.
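
Added example, not part of the original message and not FreeRADIUS configuration: the realm-to-base-DN selection the question describes, written as plain Python to show the logic. The mapping uses the three domains from the thread; the function names and the `uid` attribute are assumptions.

```python
# Constructed mapping: the three domains named in the thread, keyed in lower case.
REALM_BASE_DN = {
    "a.com": "ou=people,dc=A,dc=com",
    "b.com": "ou=people,dc=B,dc=com",
    "c.com": "ou=people,dc=C,dc=com",
}

# RFC 4515 characters that must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {
    "\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00",
}


def escape_filter_value(value):
    """Escape LDAP filter metacharacters in a user-supplied value."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def search_params(user_name):
    """Return (base_dn, filter) for 'user@realm', or None to reject the login.

    The realm only selects an entry from a fixed table; it is never
    interpolated into the DN, so an unknown or crafted realm cannot
    redirect the search to another subtree.
    """
    user, sep, realm = user_name.rpartition("@")
    if not sep or not user:
        return None  # no realm, or empty user part
    base_dn = REALM_BASE_DN.get(realm.lower())
    if base_dn is None:
        return None  # realm not in the allowlist
    # "uid" as the login attribute is an assumption for this sketch.
    return base_dn, "(uid=%s)" % escape_filter_value(user)


if __name__ == "__main__":
    # Constructed sample logins.
    for name in ("alice@B.com", "bob@d.com", "carol"):
        print(name, "->", search_params(name))
```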



