ldap basedn assignment

ggreen at olemiss.edu
Wed Aug 3 15:25:48 CEST 2005


I have freeradius set up to use 2 ldap servers as backend
authentication.  One is openldap and the other is Windows
Active Directory.  They have different basedn structures and
these are laid out separately in the conf file. I have it
set up to authenticate off of Active Directory first and
openldap second. Everything is working fine except for the
case of a user whose openldap username is the same as
someone in Active Directory.
 
In the authorize stage it looks in both AD and ldap. In the
authenticate stage it queries both AD and ldap. The problem
is that in the authenticate stage it uses the basedn of the
server that returns the first ok in the authorize stage. So
if the username is in both AD and ldap, openldap rejects the
user because it is using the AD basedn to query the openldap
server.

Is there a way for me to force the basedn for the ldap
server regardless of which server returned the first ok? 

Thanks in advance

g



