Selecting one of multiple Ldap server in users file

Gerald Richter richter at ecos.de
Wed Dec 28 14:06:41 CET 2005 

Hi,

> 
> Use Autz-Type instead of Auth-Type
> and set "Autz-Type := aldap1" in the users file (in check items)
> 

That's what I already do and authorization works correctly and accesses
ldap1 or ldap2 as it should, but when it comes to authentication, Auth-Type
is set to "LDAP" by the authorization phase and it didn't know about
different ldap servers anymore

Gerald



> 2005/12/28, Gerald Richter <richter at ecos.de>:
> > Hi,
> >
> > I want to use more than one ldap server to authenticate 
> users. I have 
> > setup a users file that sets the Autz-Type so one of two 
> ldap server 
> > are selected for authorization. Since it is not known which kind of 
> > authentication information is provied by the user, chap is also 
> > included, like
> >
> > Authorize
> >         {
> >         preprocess
> >         suffix
> >         file
> >         Auth-Type aldap1
> >                 {
> >                 chap
> >                 ldap1
> >                 }
> >         Auth-Type aldap2
> >                 {
> >                 chap
> >                 ldap2
> >                 }
> >         }
> >
> > My problem is now when it comes the authentication, because both 
> > instances of the ldap module sets the Auth-Type to LDAP, it 
> will only 
> > work with one ldap server. Also I cannot set the Auth-Type in the 
> > users file, because it might also be set to CHAP by the chap module.
> >
> > How can I specify which ldap server to use for 
> authentication in such 
> > a case? Is there a possibility to include the module 
> instance name in 
> > the Auth-Type?
> >
> > Thanks
> >
> > Gerald
> >
> >
> >
> >
> > 
> --------------------------------------------------------------
> -------------
> > Gerald Richter            ecos electronic communication 
> services gmbh
> > IT-Securitylösungen * Webapplikationen mit 
> > Apache/Perl/mod_perl/Embperl
> >
> > Post:       Tulpenstrasse 5          D-55276 Dienheim b. Mainz
> > E-Mail:     richter at ecos.de          Voice:   +49 6133 939-122
> > WWW:        http://www.ecos.de/      Fax:     +49 6133 939-333
> > 
> ----------------------------------------------------------------------
> > ----- ECOS BB-5000 Firewall- und IT-Security Appliance: 
> > www.bb-5000.info
> > 
> ----------------------------------------------------------------------
> > -----
> >
> >
> >
> >
> >
> > ** Virus checked by BB-5000 Mailfilter **
> >
> >
> > -
> > List info/subscribe/unsubscribe? See 
> > http://www.freeradius.org/list/users.html
> >
> 
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> 
>  
> ** Virus checked by BB-5000 Mailfilter ** 
> !DSPAM:43b2754e166506533414836!
> 


 
** Virus checked by BB-5000 Mailfilter **

More information about the Freeradius-Users mailing list